Concept
Risk-Based Authentication
Risk-based authentication (RBA) adjusts authentication requirements based on signals such as device, location, network, and behavior. Low-risk sessions pass smoothly while risky ones face a step-up challenge such as MFA.
The point is to reduce friction without weakening security: a login from a known device and usual location proceeds, while an unfamiliar device, an impossible-travel pattern, or an anomalous action triggers an additional factor. RBA is the engine behind adaptive authentication and a core building block of conditional access and zero trust. For platforms that implement it, see the top risk-based authentication platforms.
Related terms