Grandma, what big eyes you have! I’m going to have to ask you for a retinal scan to confirm your identity…

Jan 13, 2017

Written by: Sandra Carielli

If you take a look back through classic literature, particularly fairy tales, some themes emerge. Parental abandonment is one (besides Sleeping Beauty, what other fairy tale characters have two living parents? Maybe if you count Pongo and Perdy from 101 Dalmatians…). Identity is another, be it mistaken identity, identity theft or trying to prove identity. What identity technologies, when applied to classic fairy tales, would have prevented tragedy or helped move the story along?

Today, let’s look at Little Red Riding Hood. This is a pretty classic case of identity theft, though identity theft today doesn’t usually include the attacker eating the victim. By wearing her clothes and getting into her bed, the Wolf was able to convince Red Riding Hood that he was Grandma…at least at first. It didn’t take long for Red to notice that something wasn’t quite right – Grandma’s eyes, ears and teeth aren’t usually that big.

Red’s observations that Grandma seemed a bit odd are the fairy tale analog to behavioral analytics. Context-based factors and behavioral analytics look at how a user is acting in the system, be it location, device fingerprint, typing patterns, touchscreen movements or other actions. If the user’s behavior deviates enough from their “normal behavior”, the system requests an additional (step-up) authentication, just to confirm that the user is still who they claim to be. Applying context and behavioral analytics to authentication balances user convenience (the user doesn’t have to authenticate constantly) with security (but they do have to authenticate if something seems different).

The classic challenge in integrating behavioral analytics with authentication is tuning. If the system is too sensitive, a user might be asked to re-authenticate too often, really hurting the user experience. Users want authentication to be as transparent as possible. On the other hand, if the behavioral analytics are not sensitive enough, you’re not getting much value from the integration. Behavioral analytics systems used to undergo a few months of testing and tuning in a QA environment before being rolled out to production. With improvements in machine learning and an ever-increasing number of elements used to build up user profiles (including analysis of how the user is navigating the application), the time to learn has decreased in recent years, and customers can recognize the value in behavioral analytics sooner.

What kinds of step-up authentication work well when combined with these newer analytic capabilities? These days, we talk to our customers a lot about mobile push, which provides a nice balance between usability and security. The user interaction with mobile push is quick and simple: an app on your mobile device asks you to confirm the authentication, and you simply touch the right button to continue. Customers appreciate the frictionless experience – no codes to enter, no passwords to remember. When combining mobile push with behavioral analytics, you get an almost transparent experience for Red’s Grandma while still providing high security through continuous analytics and step-up authentication.

In the case of Little Red Riding Hood, while the Wolf looked a lot like Grandma, there were enough anomalies for a behavioral system to trigger an authentication request; time for Red to ask “Grandma” for a mobile push or a fingerprint.
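The step-up decision and the tuning trade-off described above can be sketched as follows. This is an added example, not code from the post or from any product; the signal names, weights, thresholds and sample sessions are all constructed assumptions.

```python
from dataclasses import dataclass
from statistics import mean, stdev

# Weights are illustrative assumptions, not values from any product.
WEIGHTS = {"device": 0.4, "location": 0.3, "typing": 0.3}

@dataclass
class Profile:
    devices: set
    locations: set
    typing_ms: list  # historical inter-key intervals for this user

def risk_score(profile, session):
    """Return 0..1: how far this session deviates from the user's baseline."""
    mu, sigma = mean(profile.typing_ms), stdev(profile.typing_ms)
    z = abs(session["typing_ms"] - mu) / sigma
    return round(
        WEIGHTS["device"] * (session["device"] not in profile.devices)
        + WEIGHTS["location"] * (session["location"] not in profile.locations)
        + WEIGHTS["typing"] * min(z / 3.0, 1.0),  # cap at 3 standard deviations
        3,
    )

def decide(score, threshold):
    """Low deviation passes transparently; high deviation requires step-up."""
    return "step_up" if score >= threshold else "allow"

def tuning_report(profile, labelled_sessions, threshold):
    """Return (legitimate sessions challenged, impostor sessions missed)."""
    challenged = missed = 0
    for session, is_impostor in labelled_sessions:
        outcome = decide(risk_score(profile, session), threshold)
        challenged += (outcome == "step_up" and not is_impostor)
        missed += (outcome == "allow" and is_impostor)
    return challenged, missed

# Constructed sample data: (session, is_impostor) for the story's "Grandma".
GRANDMA = Profile({"cottage-tablet"}, {"woods"}, [210, 190, 205, 195, 200])
SESSIONS = [
    ({"device": "cottage-tablet", "location": "woods", "typing_ms": 198}, False),
    ({"device": "cottage-tablet", "location": "village", "typing_ms": 204}, False),
    ({"device": "new-phone", "location": "woods", "typing_ms": 201}, False),
    ({"device": "cottage-tablet", "location": "woods", "typing_ms": 260}, True),
    ({"device": "unknown-laptop", "location": "village", "typing_ms": 150}, True),
]

if __name__ == "__main__":
    for t in (0.2, 0.5):
        print(t, tuning_report(GRANDMA, SESSIONS, t))
```

With this data no single threshold is perfect: a low one challenges Grandma when she travels or changes phone, and a high one misses the impostor who uses her own device in her own home and differs only in typing rhythm.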