Risk-based, or adaptive authentication grew out of the recognition that single- and multiple-factor authentication methods were based on an erroneous assumption: that identity could be absolutely confirmed and, once confirmed, used as a basis of trust for all subsequent access decisions for the authenticated identity. It is clear that even the most robust multifactor authentication mechanisms do not give this level of assurance, though certainly one-time password methods are still most effective in approaching that goal.
In order to address this inherent limitation, adaptive approaches were developed that…