Contextual and Adaptive Authentication Layers:
NoPassword verifies whether the workstation is a known device and has been previously used. It's also important to ensure the user is authorized to use the workstation for accessing assigned resources. Device profiling is also performed to recognize the workstation based on its hardware configuration, IP address, screen resolution, language, installed fonts, etc.
Given that a number of vulnerabilities and threats occur at the browser level, NoPassword also verifies the user's browser to ensure it is a recognized browser and checks the health of the browser. Browser profiling is based on a variety of factors such as browser configuration, history, cookies, plugins, etc.
Mobile Device Verification
Given that smartphones are the primary authentication device in the NoPassword solution, NoPassword uses several proprietary techniques to verify the smartphone and its health. NoPassword monitors smartphone health, applications installed, key storage and key management, screen size, received signals, etc. NoPassword also extracts several tokens and monitors changes in the connected network, surrounding signals, and device ID.
NoPassword treats the networks that users' devices are connected to as a critical factor. If the user is connected via an internal trusted network of your organization, the authentication request is considered less risky than when the user is connected to an unsecure or public network, such as one at a coffee shop or a hotel. Changes in the network and its security must be reflected in the authentication process and in the level of access that the user has.
Signals, including Wi-Fi and BLE, received by the user’s workstation and mobile device are monitored by NoPassword. Velocity and changes in these signals can reflect a change in the user’s environment, consequently changing the level of risk.
Using a wide range of technologies such as Wi-Fi, BLE, and NFC, the NoPassword solution leverages the proximity of the user's devices as a factor for authentication. For example, if the user's smartphone is used as the primary method of authentication, the smartphone must be in proximity of the workstation from which the user tries to gain access.
Trusted zones can be assigned from which users can securely access their accounts and perform their tasks. There may be sensitive applications that must be limited to a certain geo-location. There are also locations from which you may prefer to limit all access (e.g. sanctioned countries). NoPassword allows you to define risky locations and trusted locations statically. As users use NoPassword, its Artificial Intelligence discovers new risky locations, zones, and regions and limits access.
Initially defining and later detecting risky IP addresses is another part of NoPassword's contextual and adaptive authentication. New IP addresses may be authorized but limited in terms of accessing applications and performing sensitive tasks, such as online transactions. If you are receiving requests that are rejected or blocked by your users, NoPassword's Artificial Intelligence learns to treat these requests with caution.
If users normally access their account during a specific time range or for a relatively regular duration, and they request access at an unusual time or for a significantly longer duration, NoPassword flags the request as suspicious. For instance, if a user regularly accesses a certain application during working hours, a request to access that application at 2:00am is flagged as a risky request.
Predefined Access Policies
Static authentication policies defined by the admin are a good start for contextual and adaptive authentication. While users are normally granted access to non-sensitive applications from a wider range of locations, times, and IP addresses, there might be more sensitive applications that require a tighter policy. NoPassword adaptive and contextual authentication allows you to limit users' access to sensitive content and applications to a certain geo-location (e.g. physical office), a limited trusted IP range, and a certain period of time.
Comparison of IP, GPS, and Wi-Fi location information is another factor used by NoPassword contextual and adaptive authentication. Significant changes in a user's location, especially in a short period of time, can result in access denial. For instance, if a user logs into their account from their New York office, the same user must not be granted access from Los Angeles within the next 4 hours.
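The static policy (geo-location, trusted IP range, time window) and the New York / Los Angeles location-change check described above can be sketched together as follows. This is an added example, not NoPassword's code: the function names, the CIDR range, the 900 km/h speed ceiling, the 50 km noise tolerance and the sample logins are all assumptions constructed for illustration.

```python
import ipaddress
import math
from datetime import datetime, time, timedelta

# Constructed sample values; thresholds are assumptions, not NoPassword settings.
NEW_YORK, LOS_ANGELES = (40.7128, -74.0060), (34.0522, -118.2437)
MAX_SPEED_KMH = 900.0   # assumed ceiling for plausible travel between logins
NOISE_KM = 50.0         # assumed tolerance for IP/GPS/Wi-Fi location error
OFFICE_POLICY = {"cidr": "10.20.0.0/16", "center": NEW_YORK, "radius_km": 1.0,
                 "start": time(9, 0), "end": time(17, 0)}

def km_between(a, b):
    """Great-circle (haversine) distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def policy_allows(policy, ip, loc, when):
    """Static policy: trusted IP range AND geo-fence AND time window must all hold."""
    in_range = ipaddress.ip_address(ip) in ipaddress.ip_network(policy["cidr"])
    in_fence = km_between(policy["center"], loc) <= policy["radius_km"]
    in_hours = policy["start"] <= when.time() <= policy["end"]  # office local time
    return in_range and in_fence and in_hours

def impossible_travel(prev, cur):
    """True when two logins imply a speed above MAX_SPEED_KMH."""
    dist = km_between(prev["loc"], cur["loc"])
    if dist <= NOISE_KM:
        return False  # same place, within location error
    hours = abs((cur["when"] - prev["when"]).total_seconds()) / 3600
    return hours == 0 or dist / hours > MAX_SPEED_KMH

def decide(policy, prev, cur):
    """Deny on impossible travel first, then apply the static policy."""
    if prev is not None and impossible_travel(prev, cur):
        return "deny: impossible travel"
    if not policy_allows(policy, cur["ip"], cur["loc"], cur["when"]):
        return "deny: outside policy"
    return "allow"

if __name__ == "__main__":
    t0 = datetime(2024, 3, 4, 10, 30)
    ny = {"ip": "10.20.5.7", "loc": NEW_YORK, "when": t0}
    la = {"ip": "10.20.5.7", "loc": LOS_ANGELES, "when": t0 + timedelta(hours=3)}
    print(decide(OFFICE_POLICY, None, ny))
    print(decide(OFFICE_POLICY, ny, la))
```

With the assumed 900 km/h ceiling, a Los Angeles login four hours after a New York login is still rejected, while one six hours later passes the travel check and is left to the static policy.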
Identity Profile, Access, and Policy
When a user tries to access their account and their profile varies from other users' profile structure, the user might have been created for intrusion. For example, if all users are members of the security group and Organizational Unit and have assigned roles, and a user with no role or membership is detected, such a user's access must be suspended. Another example is a user with unusually extensive privileges or entitlements, who can be a risky user.