When All Behavior is Abnormal, How Do We Detect Anomalies?

Identifying normal behavior baselines is essential to behavior-based authentication. However, with COVID-19 upending all aspects of life, is it possible to build baselines and measure normal patterns when nothing at all seems normal?

We log into work in the morning, usually between 0900 and 0915. We log into mail, the collaboration system, then the business applications. The place we log in from, the time we start work, and the sequence of logins form a unique pattern. And unique patterns can be useful as authentication factors. Right now, there's a possible problem, though: How do you establish "normal" behaviors in an utterly abnormal time?






The issues around behavior-based authentication echo larger IT behavior issues of the moment. Daniel Norman, research analyst at the Information Security Forum, says, "During times of crisis, behavior can be overwhelmed by stress and especially by disruption to daily routines. The COVID-19 lockdown has demonstrated the requirement for organizations to manage behavior effectively, or face disruption from a growing range of security threats both from outside and within the business."


Defining a useful normal


Robert Capps, vice president at NuData Security, a Mastercard company, says that benchmarking and using behavior may begin with understanding which behaviors remain useful indicators of a user's identity. "Users who are sheltering in place will have some or all of the same characteristics present in their interactions, as they did pre-COVID," Capps explains. "They will continue to use their home internet connection, their existing devices, and will use those devices in the same way as before." He points out that the habits ..
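
The signals named above (login place, start time, and sequence of applications) can be scored separately, so that a signal disrupted by changed routines is set aside while the stable ones still count. The Python below is an added example, not code from the article or from any vendor quoted in it; the constructed history, the network and application names, the 3.5 robust z-score cutoff, and the allow/step-up/deny policy are all assumptions.

```python
from collections import Counter
from statistics import median

# Constructed history for one hypothetical user:
# (login start in minutes after midnight, source network, ordered app logins)
HISTORY = [
    (9 * 60 + 2, "home-isp", ("mail", "collab", "erp")),
    (9 * 60 + 10, "home-isp", ("mail", "collab", "erp")),
    (9 * 60 + 5, "home-isp", ("mail", "collab", "erp")),
    (9 * 60 + 14, "office-lan", ("mail", "collab", "erp")),
    (9 * 60 + 7, "home-isp", ("mail", "erp", "collab")),
]

def build_baseline(history):
    """Summarise each signal on its own so it can be judged independently."""
    times = [t for t, _, _ in history]
    med = median(times)
    # Median absolute deviation: a spread measure that outliers barely move.
    mad = median(abs(t - med) for t in times) or 1  # guard against zero spread
    return {
        "time_median": med,
        "time_mad": mad,
        "networks": Counter(n for _, n, _ in history),
        "sequences": Counter(s for _, _, s in history),
    }

def score_session(baseline, session, time_cutoff=3.5):
    """Return one boolean per signal: does it match the user's baseline?"""
    start, network, seq = session
    robust_z = 0.6745 * abs(start - baseline["time_median"]) / baseline["time_mad"]
    return {
        "time_ok": robust_z <= time_cutoff,               # assumed cutoff
        "network_ok": baseline["networks"][network] > 0,  # seen before
        "sequence_ok": baseline["sequences"][tuple(seq)] > 0,
    }

def decide(signals, disrupted=()):
    """Assumed policy: ignore signals marked as disrupted, then
    allow if all remaining match, deny if none match, else step up."""
    usable = {k: v for k, v in signals.items() if k not in disrupted}
    failed = [k for k, ok in usable.items() if not ok]
    if not failed:
        return "allow"
    return "deny" if len(failed) == len(usable) else "step-up"
```

With the start-time signal marked as disrupted, a late login from a known network with the usual application order is allowed, while an on-time login from an unknown network with an unfamiliar order is denied.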
