A lot of people criticise the “traditional” username-and-password authentication method, or the so-called “two-factor authentication” method, or “2FA”, as some like to call it.
The main reason is that it’s seen as providing inadequate security in a world where literally billions of user accounts have been hacked by online criminals who seem to find it easy to get around cyberspace.
One of the methods touted as a possible replacement for two-factor authentication is “contextual authentication”, which essentially uses more than two factors. Although the two-factor process is technically a “multi-factor” method, an increasing number of cyber security experts are saying two is not enough, and contextual is the way to go.
As well as utilising usernames and passwords, contextual authentication can also consider such factors as:
- the user’s location;
- the user’s IP address;
- the device they are using; and
- the time they are logging in.
The last may be a bit tricky, since many people log in to their accounts at various times of the day and night, but when considered in the context of the other factors, clearly it offers a more thorough identity and access management method.
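The following sketch is an added example, not code from the original article or from any vendor it quotes. It scores the four factors listed above after the password has verified; the weights, thresholds, profile schema and sample values are all assumptions, chosen so that an unusual login time changes the outcome only when another factor is also unusual.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime

@dataclass
class Profile:  # hypothetical per-user history record
    countries: set
    networks: list   # ipaddress networks seen on past logins
    devices: set
    usual_hours: range

@dataclass
class Login:  # context captured once the password has verified
    country: str
    ip: str
    device_id: str
    when: datetime

# Assumed weights and thresholds; time is deliberately weak on its own.
WEIGHTS = {"location": 3, "ip": 2, "device": 3, "time": 1}
STEP_UP, DENY = 3, 7

def anomalies(p: Profile, l: Login) -> list:
    """Names of the factors that differ from the user's history."""
    addr = ipaddress.ip_address(l.ip)
    checks = {
        "location": l.country not in p.countries,
        "ip": not any(addr in net for net in p.networks),
        "device": l.device_id not in p.devices,
        "time": l.when.hour not in p.usual_hours,
    }
    return [name for name, unusual in checks.items() if unusual]

def decide(p: Profile, l: Login) -> tuple:
    """Return (decision, score, anomalies): allow, step_up or deny."""
    hits = anomalies(p, l)
    score = sum(WEIGHTS[h] for h in hits)
    if score >= DENY:
        return "deny", score, hits
    return ("step_up" if score >= STEP_UP else "allow"), score, hits

# Constructed sample data (documentation IP ranges, made-up device ids).
PROFILE = Profile({"NZ"}, [ipaddress.ip_network("203.0.113.0/24")],
                  {"laptop-01"}, range(7, 20))

def sample(hour, country="NZ", ip="203.0.113.25", device="laptop-01"):
    return Login(country, ip, device, datetime(2024, 1, 15, hour))

if __name__ == "__main__":
    for l in (sample(3), sample(10, ip="198.51.100.7"),
              sample(3, ip="198.51.100.7"),
              sample(3, "BR", "198.51.100.7", "phone-99")):
        print(decide(PROFILE, l))
```

A "step_up" result is where a further factor, such as the biometric check, would be requested before the session is granted.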
As well as using the above list of factors, contextual authentication could also incorporate biometric data, such as fingerprint ID, which is increasingly available on mobile devices and, through specially made peripherals, on some desktop computers as well.
And that’s not all. As Nicole Fuugere of IAM company ThisData says: “There are many others, such as velocity checks, IP reputation, whitelist/blacklist countries, suspicious login locations, Tor usage, known behavior amongst co-workers, and more.”
For some, such as Ben Rice of Centrify, the whole world has gone to pot already because of sub-optimal authentication systems.
“Given the massive amount of credentials that have been compromised in the recent past, it’s safe to assume that every password has been stolen, and made available to attackers,” says Rice.
However, he says there is hope in context-based multi-factor authentication methods.
“By adding in context-based MFA, you can stop a hacker with a compromised credential from doing any damage,” says Rice.
“This means we can finally protect every significant connected resource by requiring context-based MFA with many easy-to-use methods for users to provide those multiple factors.”