Rethinking IAM: Continuous Authentication as a New Security Standard


Multiple surveys show that people don’t take the security of their login credentials and personal devices seriously enough. According to a survey by Intermedia, nearly 50 percent of respondents admitted sharing their logins with multiple users. In a second survey, conducted by B2B International and Kaspersky Lab, over 30 percent of respondents said they don’t take any precautions for protecting their personal data when sharing internet-enabled devices with relatives, friends, and colleagues.


These findings make us wonder whether it’s enough to confirm a user’s identity only when they log into the system. Should this be a repeated procedure? And if so, how can we turn one-time authentication into a continuous process that ensures both data protection and an uninterrupted workflow? Deploying identity management software and, specifically, continuous authentication might be the answer.


What is continuous authentication?


There are three main characteristics of secure authentication:

  • Pervasive – ensures secure access across the network for all users, applications, and devices (both personal and corporate)
  • Connected – information needed for protecting critical assets can be shared across the security ecosystem
  • Continuous – data is collected, analyzed, and acted upon constantly, not just from time to time


[Figure: Continuous authentication characteristics]

Continuous authentication constantly measures the probability of a particular user being who they claim to be, thus authenticating the user not just once but continuously, throughout the whole session. The main idea of continuous authentication is to deliver smart and secure identity verification without interrupting the workflow.


This technology should be able to not only distinguish legitimate users from possible intruders but also to register unusual shifts in a user’s behavior and reverify identity if needed. To do so, an IAM solution with continuous authentication functionality should be able to:

  • constantly collect information about a user’s actions and establish patterns of regular behavior;
  • learn to distinguish between normal and abnormal behavior of a particular user based on collected data;
  • grant access to the system or request additional user identity verification based on analysis of user behavior.


At the same time, additional verification should only take place when there’s a real risk indicator so that users don’t waste their time repeating authentication procedures when they aren’t needed.




This is how it can work in practice: If you use the same device at the same location to log into the system, access the network at the same hours, and launch the same set of applications every day, the continuous authentication solution should be able to recognize this pattern and allow you access to the system with a minimal number of verification procedures. However, if you log in from a device that the IAM solution knows nothing about or try to access a critical application that you’ve never used before, it should be a red flag for the system to confirm that you’re really the person you claim to be.
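The three capabilities listed above (collect behavior, learn a baseline, then allow or re-verify) and the device/location/hours/applications scenario just described can be sketched as a small risk scorer that runs on every event of a session rather than only at login. This is an added example written for this article, not Ekran System's code; the event fields, the weights, the allow/step-up/block thresholds and the history it is trained on are all constructed assumptions.

```python
# Added example (not Ekran System's code): a toy contextual risk scorer that
# re-evaluates identity on every event in a session. Field names, weights,
# thresholds and the constructed history are all assumptions.
from collections import Counter
from dataclasses import dataclass, field

ALLOW, STEP_UP, BLOCK = "allow", "step-up", "block"


@dataclass
class Baseline:
    """Frequency tables of what a user normally does, built from past events."""
    devices: Counter = field(default_factory=Counter)
    locations: Counter = field(default_factory=Counter)
    hours: Counter = field(default_factory=Counter)
    apps: Counter = field(default_factory=Counter)


def build_baseline(history):
    """Step 1: learn the user's regular pattern from historical events."""
    b = Baseline()
    for ev in history:
        b.devices[ev["device"]] += 1
        b.locations[ev["location"]] += 1
        b.hours[ev["hour"]] += 1
        b.apps[ev["app"]] += 1
    return b


# Assumed weights: an unseen device or location is a strong indicator, an
# unusual hour a weak one, and first use of a critical application a strong one.
WEIGHTS = {"device": 0.5, "location": 0.3, "hour": 0.1, "app": 0.1, "critical_app": 0.4}


def risk_score(baseline, event, critical_apps=frozenset()):
    """Step 2: compare one event with the baseline -> (score in [0, 1], reasons)."""
    score, reasons = 0.0, []
    if baseline.devices[event["device"]] == 0:
        score += WEIGHTS["device"]
        reasons.append("unknown device")
    if baseline.locations[event["location"]] == 0:
        score += WEIGHTS["location"]
        reasons.append("unknown location")
    if baseline.hours[event["hour"]] == 0:
        score += WEIGHTS["hour"]
        reasons.append("unusual hour")
    if baseline.apps[event["app"]] == 0:
        if event["app"] in critical_apps:
            score += WEIGHTS["critical_app"]
            reasons.append("first use of critical app")
        else:
            score += WEIGHTS["app"]
            reasons.append("first use of app")
    return min(score, 1.0), reasons


def decide(score, step_up_at=0.3, block_at=0.9):
    """Step 3: ask for re-verification only when a real risk indicator is present."""
    if score >= block_at:
        return BLOCK
    if score >= step_up_at:
        return STEP_UP
    return ALLOW


def evaluate_session(baseline, events, critical_apps=frozenset()):
    """Run the check on every event of the session, not just at login."""
    out = []
    for ev in events:
        score, reasons = risk_score(baseline, ev, critical_apps)
        out.append((decide(score), round(score, 2), reasons))
    return out


# Constructed history: same laptop, same office, working hours, two everyday apps.
HISTORY = [{"device": "laptop-A", "location": "office-HQ", "hour": 9 + i % 8,
            "app": ("mail", "crm")[i % 2]} for i in range(40)]
CRITICAL = frozenset({"payroll"})

# Constructed session: routine event, odd hour, unknown device, then unknown
# device plus unknown location plus a never-used critical application.
SESSION = [
    {"device": "laptop-A", "location": "office-HQ", "hour": 10, "app": "mail"},
    {"device": "laptop-A", "location": "office-HQ", "hour": 3, "app": "crm"},
    {"device": "phone-X", "location": "office-HQ", "hour": 11, "app": "crm"},
    {"device": "phone-X", "location": "cafe-42", "hour": 11, "app": "payroll"},
]

if __name__ == "__main__":
    results = evaluate_session(build_baseline(HISTORY), SESSION, CRITICAL)
    for ev, (decision, score, why) in zip(SESSION, results):
        print(f"{decision:8} {score:4} {ev['device']:9} {ev['app']:8} {', '.join(why)}")
```

Only the third and fourth events trigger anything: an unknown device alone produces a step-up request, while an unusual hour on a known device and location is below the threshold and lets the user continue without interruption. In a real deployment the weights would be learned from data rather than hand-set, and a successful step-up would normally feed the new device back into the baseline.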


Now let’s take a closer look at how continuous authentication works and what factors play a main role in this process.


How does continuous authentication work?


A user’s identity is usually verified with the help of one (single-factor authentication) or two or more (multi-factor authentication) of three possible factors:

  • Something they know (login credentials)
  • Something they have (verified device)
  • Something they are (biometrics)


Continuous authentication verifies a user by who they are. Instead of traditional biometrics such as retina and fingerprint scans, however, it uses so-called behavioral biometrics: behavior patterns that are unique to each person.


Behavioral biometrics uses machine learning technologies to continuously monitor and analyze a user’s behavior based on that user’s baseline behavior profile. This profile is based on three categories of factors:

  • Cognitive factors – eye-hand coordination, device interaction patterns, etc.
  • Physiological factors – hand used (right or left), arm size, strength of key presses, etc.
  • Contextual factors – location, time, device, etc.


In contrast to User and Entity Behavior Analytics (UEBA), behavioral biometrics focuses not only on what a user normally does but also on how they do it. The most common example of behavioral biometrics is the keystroke pattern: each person has their own speed and rhythm for typing on a keyboard, clicking a mouse, and tapping a smartphone.
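The keystroke example above can be made concrete with a minimal keystroke-dynamics check: the enrolled user types a fixed phrase a few times, the profile keeps the mean and spread of each key-to-key latency, and a later typing sample is scored by how far its rhythm deviates from that profile. This is an added example written for this article, not Ekran System's code or any product's algorithm; the timings, the spread floor and the decision threshold are constructed assumptions.

```python
# Added example (not Ekran System's code): a minimal keystroke-dynamics check.
# The enrolled user types a fixed phrase several times; the profile keeps the
# mean and spread of each key-to-key latency, and a new sample is scored by how
# far it deviates. All timings below are constructed, not measured.
import statistics

STDEV_FLOOR_MS = 5.0   # assumed: avoid dividing by a near-zero spread
THRESHOLD = 2.0        # assumed: mean |z-score| above this triggers re-verification


def flight_times(key_down_ms):
    """Latency between consecutive key presses for one typing of the phrase."""
    return [b - a for a, b in zip(key_down_ms, key_down_ms[1:])]


def timestamps_from_flights(flights, start=0):
    """Helper for constructing samples: turn latencies back into key-down times."""
    out = [start]
    for f in flights:
        out.append(out[-1] + f)
    return out


def build_profile(samples):
    """Enrollment: per-position (mean, stdev) of latency across all samples."""
    columns = list(zip(*(flight_times(s) for s in samples)))
    return [(statistics.mean(c), max(statistics.pstdev(c), STDEV_FLOOR_MS))
            for c in columns]


def deviation(profile, key_down_ms):
    """Mean absolute z-score of a new sample against the enrolled profile."""
    ft = flight_times(key_down_ms)
    if len(ft) != len(profile):
        raise ValueError("sample does not match the enrolled phrase length")
    return statistics.mean(abs(x - m) / sd for x, (m, sd) in zip(ft, profile))


def matches_profile(profile, key_down_ms, threshold=THRESHOLD):
    """Continuous check: True if the typing rhythm is consistent with the enrolled user."""
    return deviation(profile, key_down_ms) <= threshold


# Constructed enrollment: four typings of a 6-key phrase (5 latencies each).
ENROLLMENT = [timestamps_from_flights(f) for f in (
    [120, 90, 150, 100, 130],
    [125, 85, 155, 105, 125],
    [115, 95, 145, 95, 135],
    [122, 88, 152, 102, 128],
)]
# Constructed probes: one close to the enrolled rhythm, one clearly different.
GENUINE_PROBE = timestamps_from_flights([118, 92, 148, 103, 127])
IMPOSTOR_PROBE = timestamps_from_flights([200, 60, 210, 150, 70])

if __name__ == "__main__":
    profile = build_profile(ENROLLMENT)
    for name, probe in (("genuine", GENUINE_PROBE), ("impostor", IMPOSTOR_PROBE)):
        print(f"{name:9} deviation={deviation(profile, probe):.2f} "
              f"match={matches_profile(profile, probe)}")
```

Per-position z-scores are a deliberately simple model; production systems use many more features (hold times, digraph and trigraph statistics, mouse and touch dynamics) and a classifier trained on them. The floor on the standard deviation matters in practice: a user who is very consistent on one key would otherwise be locked out by tiny natural variation, which is exactly the false-positive problem the article mentions later.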


Other technologies in development include behavioral profiling with data collected from applications and sensors, such as webcams. Such technologies recognize a user by their face, looks, and micro-movements. For instance, this technology may analyze the color of users’ clothing or the way users hold their smartphone.


Based on this profile, the security solution can automatically and continuously check whether a different person has taken over a particular device or web application mid-session. Such an approach makes it possible to detect both human users who try to access the system from someone else’s device or account and malware, such as bots, that uses stolen credentials.


Continuous authentication vs MFA


Continuous authentication should be viewed as a supplement to and not a substitute for multi-factor authentication (MFA). The main goal of any MFA solution is to confirm that the person trying to access the system is who they claim to be, thus adding an extra layer of security for protecting your critical assets. The main problem is that a regular two-factor authentication solution won’t re-verify a user’s identity once the session is started.


Continuous authentication is meant to fill this security gap and make user identity verification an ongoing process throughout the entire session. With the help of continuous authentication, you can mitigate the risk of someone getting hold of a specific device or application after a user’s identity has been confirmed and access granted.


[Figure: Continuous authentication is a process]


However, continuous authentication can’t replace MFA as a security standard. And since continuous authentication technology is still in development, there are a lot of challenges to be dealt with, from gathering quality behavioral biometric data to lowering the number of false positives.


Finally, from the perspective of compliance with regulations and standards such as PCI DSS, MFA is a must-have component for identity and access management. Adopting MFA and secondary authentication is necessary for ensuring quality identity and access management and proper protection of your sensitive data.

As cybercriminals become more creative in their attacks, security specialists look for new ways of protecting critical data and improving access security. Continuous authentication is a new technology that changes the way we see authentication, turning it from a one-time procedure to an ongoing process.


Machine learning and behavioral biometrics are the two main technologies that enable continuous authentication. Continuous authentication has the potential to become a new gold standard for IAM, but it should not be seen as a substitute for such solutions as multi-factor and secondary authentication.


Our team constantly works on improving the IAM services Ekran System provides and offering a rich set of access management and user activity monitoring tools. Start your journey toward safer authentication with one-time passwords, secondary authentication, and, most importantly, our free two-factor authentication tool.