Adaptive, multi-factor authentication as a service for web applications

Abstract

With the recent growth of Internet of Things (IoT), cloud platforms and, consequently, the exponential increase in online exchanges encompassing sensitive information pertinent to users, it has become necessary to implement strong authentication methods to minimize the risk of user impersonation and, consequently, enhancing the protection of private information. In this paper, a solution is proposed which employs risk assessment aligned with a Multi-Factor Authentication (MFA) system, in a platform that can be easily integrated in applications in order to delegate the authentication process to an external platform. While pushing forward the concept of Adaptive Authentication as a Service, the main goal is to protect against user impersonation and illegitimate access to accounts, while keeping the intrinsic protection of MFA systems and rendering phishing attacks inconsequential with the aid or risk-based adaptability.