Hi there, If you haven’t heard the term ‘adaptive authentication’ before, this post is for you. :D
Let’s get started. So, what do you mean by adaptive authentication?
Hmm.. well?
.
.
.
This is what www.identityautomation.com had to say,
“Adaptive authentication is a way that two-factor authentication or multi-factor authentication can be configured and deployed. It’s a method for selecting the right authentication factors depending on a user’s risk profile and tendencies — for adapting the type of authentication to the situation.”
If you got that, mate, you’re wasting your time here. And clearly you’re not a five year old.
Right. For those of you’re still here, let’s break this down. Before we dig into adaptive authentication, we first need to understand what ‘authentication’ means. Right?
.
.
Yes.
.
.
.
This is Tim.
How do you know this is actually Tim, and not some impostor called Bob, who secretly wishes to be like Tim?
Because he says that he is Tim? Or is it because I introduced him earlier as Tim? How would you know for sure?
How do we know for sure he is actually who he say he is?
What if he had some kind of a verification to prove his claim?
Well…
As it turns out, it was actually Tim all along. He verified himself as Tim, by providing an ID card he had. Now we can say, Tim has successfully authenticated himself. In brief, authentication is the process of verifying who you are.
Now, what could’ve been the other possible means which Tim could’ve used to verify his claim?
Let’s save that for the next time. ;D
Now that we know what authentication means, let’s get back to our main topic, Adaptive authentication.
Here’s Tim again. Tim is going to their office new year party. Only the one’s with the office ID card are allowed into the party by the security.
Tim had his ID with him, so he got in with no trouble.
With technical jargon we can say, he was successfully authenticated as an employee of the company and was authorized to enter the party.
At the party, Tim sees a bar. Now, in Tim’s country, a person has to be over 21 years old to buy a drink. It’s the regulation. But, the bartenders check for age only if the person looks under-aged.
Tim really wants to buy a drink. But, he is only 19. :|
Tim sees that the bartender doesn’t check the IDs when serving the drinks. So he walks up to the bartender, with a smile on his face and asks for a drink.
Bar tender looks at Tim. Hmmmmm…
Since Tim looks suspiciously under-aged, the bartender asks Tim for his ID.
Tim is shook! He never expected this. All the people who ordered drinks before him didn’t have to provide an ID.
Tim says “No thanks” and walks away from the bartender, embarrassed. Tim had to provide his ID because he looked suspicious. The people who ordered drinks before him didn’t have to provide their IDs since the bar tender didn’t find them suspicious.
This is a case of adaptive authentication. Tim was prompted for additional authentication because he looked suspicious. What adaptive authentication does is that it provides an additional layer of security while maintaining a good user experience. If every person ordering a drink had to provide his ID as verification, it would provide security for sure. But at the same time, it would degrade the experience.
.
.
.
Congratulations! Now you barely know what adaptive authentication means.
Also, you have successfully finished reading my very first medium post. Here’s a cute cat picture from the Internet.
bye.
