Machine Learning Used to Reduce Login Hassles
Seeking to boost the effectiveness of multi-factor authentication, identity management vendor OneLogin Inc. has released an adaptive approach that leverages machine learning to gauge security risks and implement appropriate authentication levels.
The San Francisco-based company that also specializes in cloud identity and access management said its machine learning capabilities would allow users to detect increasingly sophisticated security risks that are often missed by “simplistic” multi-factor authentication.
The machine-learning tool helps determine the number of authentication factors (usually a password and numeric code sent via text messages to a mobile phone) needed to secure systems depending on the risks. The system prompts users to authenticate with multiple factors when risk is higher.
The goal, the company said, is to balance “security and usability.”
The adaptive authentication platform uses machine learning to build a risk profiles based on users’ navigation across networks, browsers, devices and locations. Those factors are gauged against which new login attempts and password resets considered suspicious.
These factors are combined to determine risk and the number of required authentication factors required at login. For example, the system would learn over time when a user was signing in from the same device at the same location, allowing them to log onto a network without a second factor.
“We are beefing up our multi-factor authentication because customers are telling us they want to consolidate on fewer security vendors,” OneLogin CEO Thomas Pedersen noted in a statement. “Customers want less complexity, tighter integration, increased usability and lower cost.”
The company said its adaptive authentication tool is available now at $3 per user per month. That package works with both OneLogin and other third-party authentication vendors who work with the company.
The authentication application illustrates how machine learning is making inroads in data security as a way to monitor user behavior and guard against insider threats. OneLogin is among a handful of identity and access management vendors such as Duo and Microsoft (NASDAQ: MSFT) turning to machine learning to reduce the hassles associated with authentication even when signing into an enterprise application.
“Those that continue to require users to use multiple factors are going to lose relevancy with users,” the company asserts.
Another San Francisco-based company, Fortscale, has released a machine-learning platform that simultaneously seeks to block internal and external threats. The company developed a Hadoop-based security-monitoring product based on proprietary machine learning algorithms running in Hadoop to score the security risk of every user in an organization.
The system then monitors user behavior for significant deviations from that score.