What is Continuous Authentication?
Most users are familiar with the different forms of verification needed to log in to their computers, access their email accounts, or open their company’s shared server. But in most of these instances, the user enters their username and password once, leaving these systems vulnerable to security breaches for the remainder of the workday. Continuous authentication is a new technology that uses a person’s behavior to continuously verify their identity throughout a session — not just at the entry login point.
How is Continuous Authentication Different from Two-Factor Authentication?
Continuous authentication is just that — a technology that can continuously verify the identity of the user throughout a session. While two-factor authentication provides an extra layer of security — by letting the user confirm their identity through multiple devices — the system is still open to vulnerability, since the password doesn’t need to be confirmed again once a session is opened. Through analysis of a user’s behaviors and interactions with a device, continuous authentication can spot vulnerabilities at any point in a session.
How BioCatch is Advancing Cyber Security with Continuous Authentication
With 100% of fraud coming from authenticated sessions, the integrity of an online session is not assured simply at login. The BioCatch Continuous Authentication module develops behavioral profiles of online users to recognize fraudsters, malware, remote access Trojans (RATs) and other cybersecurity threats. The platform proactively detects human and non-human behavioral anomalies to validate identities after the login and prevent account takeover and other cyberthreats.
The solution selects 20 unique features from its 2,000+ behavioral profiling metrics to authenticate a user — without any disruption in the user’s experience. The features are selected according to highly advanced machine learning algorithms, which are employed to maximize the profiling process. After a few minutes of user activity, a robust user profile is built. Once established, the system can detect anomalies and suspicious behavior at an extremely high level of accuracy and low rate of false positives.
The BioCatch behavioral profile is based on:
- Cognitive factors such as eye-hand coordination, applicative behavior patterns, usage preferences, device interaction patterns and responses to Invisible Challenges.
- Physiological factors such as left/right handedness, press-size, hand tremors, arm size and muscle usage.
- Contextual factors such as transaction, navigation, device and network patterns.
Patented Invisible Challenges extract further behavioral information, immune to replay attacks, bots and malware. After comparing the session data to the genuine user’s profile, BioCatch provides a risk score in real time that can be used as a standalone indicator, or combined with other threat detection systems.
What are the Benefits of Behavioral Authentication?
BioCatch works passively in the background without disrupting the user experience. This means applying step-up authentication requirements based on risk, and de-escalating where there is a high assurance of the proper user inside a session.
BioCatch provides actual fraud savings as well as significant operational savings due to fewer escalations to call centers.