Latest News

Auth0 launches Adaptive MFA security feature

Identity platform Auth0 has launched its new Adaptive Multi-factor Authentication (MFA) solution that is designed to help reduce the threat of hacks and data breaches.

Adaptive MFA helps companies address the inherent challenges of enabling security while preserving user experience. Unlike traditional MFA, which is triggered upon every login attempt and creates an additional step for the end user, Adaptive MFA only appears when a login is deemed risky.

This is calculated by an overall risk score that measures abnormal behaviour from known devices, impossible travel, and/or IP reputation. With Adaptive MFA, end users are only asked for secondary authentication when behavioural signals do not conform to the usual patterns for a particular user.

For example, if a user normally signs into their account at the same time every morning in London from a personal laptop, Adaptive MFA would only present a second factor authenticator if logins were attempted outside of the region, usual timeframe, or from a different computer or IP address. Developers can determine how much weight each signal is given to define the risk score that sets off the trigger.

“Auth0’s mission is to provide secure access for everyone. Securing identities is core to that mission and this new capability adds to the already powerful features in our security profile, designed to counter a variety of sophisticated threats, such as automated attacks, account takeovers, and phishing attacks,” said Shiven Ramji, Chief Product Officer at Auth0.

Many companies are reluctant to implement MFA—proven to be an effective defence against account hacking attacks—out of fear of negatively impacting user experience and thus their conversion and retention performance. However, additional friction during the signup, login, or checkout experiences can affect user conversion/retention, resulting in lost sales, and can potentially increase support incidents.

“Adaptive MFA should be a key consideration for any enterprise that has previously had to make a trade-off between security and user experience. The ability to reduce friction while increasing security is a competitive differentiator for our customers,” concluded Ramji.