Sizing Up the Role of Adaptive AuthenticationPanjwani, CISO and IT Controller at LTI, on Enhancing Security
"So when the risk score is on the lower side, you might allow the user to authenticate with username and password," he says in an interview with Information Security Media Group. "If the risk score is coming to the medium risk range, you might want to go ahead and say, 'I might want to give an SMS to the user to authenticate with a second factor.'"
For those with the highest risk scores, he says, requiring biometric authentication may be appropriate. (See: Should India's Banks Drop User-Based OTPs?)
Organizations need to adopt more sophisticated authentication, Panjwani says, because attackers are attempting to compromise identities "to ensure that they can go under the radar."
In this interview (see audio link below image), Panjwani also discusses:
- Whether the adaptive authentication model can be replicated across industries;
- The differences between risk-based authentication and adaptive authentication;
- Authentication implementation challenges at the enterprise level.
Panjwani, CISO and IT Controller at LTI, has more than 18 years of varied experience in IT and information security. Previously, he was director of information security at FIS.