Brainstorm: Adaptive Risk
  • OpenAM has an adaptive risk model - determines risky events
  • Question: Too many end users are failing knowledge-based authentication with 3 questions. It was reduced to one question, but security needs to increase. Can we use adaptive risk?
    • Yes, use adaptive risk and turn on checks such as last login day/time and IP range

    • Last login day/time is written to user profile

    • List of IP addresses (last 5) – optionally written to profile

    • Number of failed logins – on the server

    • Device tagging – simply to see if user has used this device before

    • Device print is in OpenAM 12/13 - separate module on the server side

  • If you move to a different browser – look for some evidence that the browser has been used before (IP address, plug-ins, fonts, etc.)

  • Adaptive risk model – the HTTP request can be looked at when you authenticate and each time you access a protected resource

  • If someone fails authentication, can you notify the customer/user if you think the account has been compromised?

  • Adaptive Risk is hard to do when you have a low bandwidth of information
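
An added illustration of how the signals listed above (last login time, last 5 IP addresses, failed-login count, known device) can be combined into one score that decides whether to ask for more than a single knowledge question. This is not OpenAM's code; the names, weights and threshold are assumptions chosen for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Assumed weights and limits for illustration; tune per deployment.
WEIGHTS = {"stale_login": 1, "new_ip": 1, "failed_logins": 2, "new_device": 1}
RISK_THRESHOLD = 2            # score at or above this triggers step-up
MAX_LOGIN_AGE = timedelta(days=30)
MAX_FAILED = 3
IP_HISTORY_SIZE = 5           # "last 5" IP addresses kept in the profile

@dataclass
class Profile:
    last_login: Optional[datetime] = None
    recent_ips: list = field(default_factory=list)
    known_devices: set = field(default_factory=set)

def assess(profile, ip, device_id, failed_logins, now):
    """Return (score, failed_checks, step_up) for one login attempt.

    failed_logins is supplied by the server, not read from the profile.
    """
    failed = []
    if profile.last_login is None or now - profile.last_login > MAX_LOGIN_AGE:
        failed.append("stale_login")
    if ip not in profile.recent_ips:
        failed.append("new_ip")
    if failed_logins >= MAX_FAILED:
        failed.append("failed_logins")
    if device_id not in profile.known_devices:
        failed.append("new_device")
    score = sum(WEIGHTS[check] for check in failed)
    return score, failed, score >= RISK_THRESHOLD

def record_success(profile, ip, device_id, now):
    """After a fully authenticated login, write the signals back."""
    profile.last_login = now
    others = [addr for addr in profile.recent_ips if addr != ip]
    profile.recent_ips = ([ip] + others)[:IP_HISTORY_SIZE]
    profile.known_devices.add(device_id)
```

Returning the list of failed checks alongside the score gives the audit log, and any user notification, a reason for the step-up rather than just a number.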
