Risk-Based Authentication: Why Treating Every Login the Same is a Security Risk
The first is a senior analyst in your Delhi office, logging in from her usual workstation, on the corporate network, using the same device she has used every working day for three years. The second is someone using that same analyst’s credentials, logging in from an IP address in Eastern Europe, at 2:30 AM local time, from a device that has never touched your network before. A conventional MFA system treats both logins identically. Both get the same authentication challenge. Both, if they can produce the right OTP or approval, get in.