
Contexts

Cybersecurity, IAM

Term

Continuous Authentication

Alternative Forms

Definitions

The monitoring, during a session and after the initial authentication, of signals from the user and the environment, and the comparison of those signals with a baseline of expected behaviors, to assure the continued authenticity of the user’s identity. Continuous authentication may trigger re-authentication and/or session termination when the required level of assurance is no longer attained.

Related Terms

Quotes

Even if we put aside for a moment the problem of initial authentication, we also need to consider the problem of continuous authentication: After one computer has authenticated another and is ready to engage in some kind of data exchange, each computer has to monitor for a wiretapping or hijacking attack by which a new computer would enter into the communication, falsely alleging to be the authenticated one, as depicted in Figure 4-6.

...

A single authentication factor is generally not considered sufficiently trustworthy. An authentication process is usually considered more robust and reliable when it employs multiple types of authentication factors.[21]

(…)

[21] As digital ID systems evolve this understanding is becoming more nuanced. Where authentication is active and continuous, authentication strength is sometimes assessed, not in terms of the number of different authentication factors and types, but in terms of overall robustness resulting from the use of multiple sources of dynamic, digital customer data, including expected log-in channels, geolocation, frequency of usage, type of usage, IP addresses and biomechanical metric behavioural patterns

(FATF, 2020, p. 22)

Bibliography

See Also
