Advanced contextual-based feature only triggered by risky logins, mitigating hacking attacks and reducing threat of data breaches while preserving user experience
Auth0, the identity platform for application teams, launched Adaptive Multi-factor Authentication (MFA), a sophisticated security feature that helps reduce the threat of hacks and data breaches. Adaptive MFA is an important addition to Auth0’s expanding security portfolio—which also includes Bot Detection, Breached Password Detection, Brute Force Protection, and Suspicious IP Throttling—and is one of the platform’s most advanced context-based security features.
Adaptive MFA is designed to help companies address the inherent challenges of enabling security while preserving user experience. Unlike traditional MFA, which is triggered upon every login attempt and creates an additional step for the end user, Adaptive MFA only appears when a login is deemed risky. This is calculated by an overall risk score that measures abnormal behavior from known devices, impossible travel, and/or IP reputation. Customers can have the confidence that with Adaptive MFA, their end users are asked for secondary authentication only when behavioral signals don’t conform to usual patterns for a particular user.
For example, for a user who normally signs into their account at the same time every morning in San Francisco from a personal laptop, Adaptive MFA would only present a second factor authenticator if login was attempted outside of the region, usual timeframe, or from a different computer or IP address. Developers can determine how much weight each signal is given to define the risk score that sets off the trigger.
Many companies are reluctant to implement MFA—proven to be an effective defense against account hacking attacks—out of fear of negatively impacting user experience and thus their conversion and retention performance. However, additional friction during the signup, login, or checkout experiences can affect user conversion/retention, resulting in lost sales, and can potentially increase support incidents. Forrester predicts that the MFA market will grow to $2 billion by 20231, and this anticipated growth signals the need for a more intelligent and contextually-based MFA solution.
“Auth0 is mission is to provide secure access for everyone. Securing identities is core to that mission and this new capability adds to the already powerful features in our security profile, designed to counter a variety of sophisticated threats, such as automated attacks, account takeovers, and phishing attacks,” said Shiven Ramji, Chief Product Officer at Auth0. “Adaptive MFA should be a key consideration for any enterprise that has previously had to make a tradeoff between security and user experience. The ability to reduce friction while increasing security is a competitive differentiator for our customers.”