RBA
Risk-Based Authentication dynamically evaluates the risk level of each login attempt and adjusts authentication requirements accordingly — low risk gets frictionless access, high risk gets challenged.
⚙️ How Does It Work?
A risk engine scores signals: device fingerprint, IP reputation, geolocation, time of day, behavioral patterns, and threat intelligence. The score determines the response: allow, challenge, or block.
📍 Where Is It Used?
Banking apps, enterprise IAM, e-commerce fraud prevention, Zero Trust architectures.
💡 Real-World Example
A user logs in from his usual laptop in London at 10 AM — risk score 5 out of 100, single-factor login allowed. An hour later, a login from São Paulo on an unknown device — risk score 95, access blocked (impossible travel detected).
🔗 Related Terms
Stay Ahead in Identity Security
Get weekly IAM, PAM & IGA insights via Identity Pulse.
Subscribe to Identity Pulse →