Adaptive authentication offers a good balance between security and usability. This presentation discusses the benefits of adaptive authentication and how WSO2 Identity Server can support any adaptive or risk-based authentication use case.
3. ‘Passwords’ are not secure!
● Over 70% of employees reuse passwords at work.
● 59% reuse their passwords everywhere.
● 81% of hacking-related breaches leveraged either stolen and/or weak passwords.
● The above rate has gone from 50% to 66% to 81% during the past three years (2017).
Source - 2017 Verizon Data Breach Investigations Report (DBIR)
19. Authentication needs to be more dynamic, responsive and context sensitive = Adaptive Authentication
20. Use Case: Geo Velocity
● Alex's 1st login is from Europe
● Alex's 2nd login is from NA, after 20 hours
● IdP offers 2nd factor authentication based on H/W device
● Diagram outcome labels: Success, Fail, Notification, Block
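The geo-velocity use case above comes down to a distance-over-time check between consecutive logins. The following is an added example in plain JavaScript, not code from the presentation or from WSO2 Identity Server; the function names, coordinates and both thresholds are assumptions.

```javascript
// Added example: geo-velocity risk check. All names, coordinates and
// thresholds are assumptions for illustration, not WSO2 Identity Server API.
const EARTH_RADIUS_KM = 6371;
const MAX_PLAUSIBLE_KMH = 1000;   // assumed ceiling: roughly airliner speed
const STEP_UP_DISTANCE_KM = 500;  // assumed: farther than this needs a 2nd factor

const toRad = (deg) => (deg * Math.PI) / 180;

// Great-circle distance between two {lat, lon} points (haversine formula).
function distanceKm(a, b) {
  const dLat = toRad(b.lat - a.lat);
  const dLon = toRad(b.lon - a.lon);
  const h = Math.sin(dLat / 2) ** 2 +
    Math.cos(toRad(a.lat)) * Math.cos(toRad(b.lat)) * Math.sin(dLon / 2) ** 2;
  return 2 * EARTH_RADIUS_KM * Math.asin(Math.sqrt(h));
}

// Compare the current login with the previous one and pick an action.
function evaluateLogin(previous, current) {
  if (!previous) return { action: "step-up", reason: "no login history" };
  const km = distanceKm(previous.geo, current.geo);
  // Near the last location: elapsed time does not matter.
  if (km < STEP_UP_DISTANCE_KM) return { action: "allow", reason: "near last login" };
  const hours = (current.time - previous.time) / 3.6e6;
  // Zero or negative elapsed time over a long distance counts as impossible.
  const kmh = hours > 0 ? km / hours : Infinity;
  if (kmh > MAX_PLAUSIBLE_KMH) {
    return { action: "block", reason: "impossible travel", kmh };
  }
  return { action: "step-up", reason: "plausible travel to a new region", kmh };
}

// Constructed sample data: Alex logs in from Europe, then from NA.
const HOUR = 3.6e6;
const t0 = Date.UTC(2018, 0, 1, 8, 0, 0);
const london = { lat: 51.5074, lon: -0.1278 };
const newYork = { lat: 40.7128, lon: -74.006 };
const first = { user: "alex", geo: london, time: t0 };

console.log(evaluateLogin(first, { user: "alex", geo: newYork, time: t0 + 20 * HOUR }));
console.log(evaluateLogin(first, { user: "alex", geo: newYork, time: t0 + 2 * HOUR }));
```

With these assumed thresholds, the 20-hour Europe-to-NA login is plausible travel and gets a second factor, while the same trip in 2 hours is rejected as impossible travel.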
21. Use Case: An Application Requests LoA3
● Healthcare App: a healthcare app requests LoA3 for authentication
● IdP asks for additional authentication based on LoA3 configuration
22. Use Case: Authentication From New Devices
● Shopping Cart App: a user tries to log in from an unknown new device
● IdP asks for additional authentication steps
23. WSO2 Identity Server Offering - Overview
Scripting to define conditional & adaptive authentication policies
● Support JS for the scripting
● Ability to integrate with CEP and ML engines
● Out-of-the-box integration for WSO2 Stream Processor 4.0
Wide range of authentication connectors
● Support for hardware, mobile, biometric & social authentication providers
● Range of production-ready connectors via WSO2 Store
● Connector extension framework
24. WSO2 Identity Server Offering - Overview
Static Authentication Flow
● IdP offers static authentication flow to the user
● Multi-factor & Multi-option authentication
● In Multi-option authentication, the user can pick one option from each step
Request-based Conditional Authentication Flow
● IdP offers dynamic authentication flow to the user
● Authentication steps change based on attributes of the request message
● HTTP message, SAML ACR, OIDC ACR
25. WSO2 Identity Server Offering - Overview
User-based Conditional Authentication Flow
● IdP offers static authentication flow to the user
● Authentication steps change based on attributes of the identified user
Adaptive/Risk-based Authentication Flow
● IdP offers dynamic authentication flow to the user
● Authentication steps can be based on user behaviors, environments, history and risk score
26. Conclusions
● Everyone knows passwords are no longer secure.
● Multi-factor authentication offers a perfect solution but is less adopted due to usability issues.
● Multi-factor authentication needs to be more dynamic, responsive and context sensitive, and we call this ‘Adaptive Authentication’.
● WSO2 Identity Server can support any adaptive or risk-based authentication use case.