What is risk-based MFA?
Risk-based multi-factor authentication (MFA) protects user accounts from unauthorized access without challenging every sign-in. Instead of asking for a second factor on each attempt, the system scores the risk of each sign-in and prompts for additional verification only when that score warrants it. The result is stronger protection with fewer interruptions for legitimate users.
How does risk-based MFA work?
When you sign in, the system weighs several signals to estimate how likely it is that the attempt is really you. If it detects unusual activity or indicators of an attack, it requires a second factor, such as a one-time code from your authenticator app or a code sent to your email address, before completing the sign-in.
Factors considered in risk assessment
To determine the risk level of a sign-in attempt, the system examines several criteria, including:
- Location: Signing in from a familiar location may be considered low risk, while a sign-in attempt from an unusual or distant location raises the risk level.
- Device: If you're using a trusted device from which you've signed in before, the risk is lower. New or unfamiliar devices may trigger additional verification.
- Network: Signing in from a network you have used before (such as your home or office) is typically low risk, whereas signing in from public Wi-Fi or through anonymizing services (commercial VPN exit points or Tor) is treated as more risky because the system cannot tie the address to you.
- Sign-in behavior: Patterns that suggest an attack, such as sign-in attempts from distant locations in quick succession (travel that would be physically impossible) or a burst of failed password attempts.
- Compromised credentials: If your password appears in a known data breach, the system can treat the account as high risk and require additional verification before granting access.
Understanding risk levels
Risk-based MFA categorizes sign-in attempts into three levels based on the likelihood that the attempt is unauthorized. Each level maps to an action:

Risk level | What it means | What happens |
---|---|---|
Low risk | The attempt matches your typical pattern (usual location, trusted device, familiar network). | No additional authentication is required. |
Medium risk | Some anomalies are present, such as a new device or an unfamiliar location. | MFA may be required to verify your identity before access is granted. |
High risk | Strong indications of a security threat, such as a sign-in from a known compromised IP address, multiple failed authentication attempts, or leaked credentials. | MFA is required; in some cases access is temporarily blocked until additional verification steps are completed. |
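The scoring loop behind the factors listed above and the level-to-action mapping in the table can be sketched in a few dozen lines. The following is an added illustration written for this article; it is not any vendor's risk engine, and every weight, threshold, IP address and coordinate in it is constructed for the example. It covers all five factors, including an "impossible travel" check that compares the distance from the previous sign-in against the time elapsed.

```python
"""Toy risk-based MFA evaluator (added example; weights and data are constructed)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
import math


class Risk(Enum):
    LOW, MEDIUM, HIGH = "low", "medium", "high"


class Decision(Enum):
    ALLOW = "allow"              # password alone is enough
    REQUIRE_MFA = "require_mfa"  # ask for a second factor
    BLOCK = "block"              # hold the sign-in until out-of-band verification


@dataclass
class SignInAttempt:
    device_id: str
    ip: str
    lat: float
    lon: float
    at: datetime
    recent_failures: int = 0          # failed password attempts in the current window
    password_breached: bool = False   # result of a credential-leak check


@dataclass
class UserHistory:
    trusted_devices: set[str]
    known_ips: set[str]               # simplified: exact IPs seen before
    last_lat: float
    last_lon: float
    last_seen: datetime


# Constructed threat-intel lists (hypothetical addresses from documentation ranges).
ANONYMIZING_EXITS = {"198.51.100.7"}   # e.g. Tor exit nodes, commercial VPN egress
KNOWN_BAD_IPS = {"203.0.113.9"}        # addresses seen in credential-stuffing campaigns


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres (Earth radius 6371 km)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def score_attempt(attempt: SignInAttempt, history: UserHistory) -> tuple[int, list[str]]:
    """Sum weighted signals for the five factors; return the score and the reasons."""
    score, reasons = 0, []
    if attempt.device_id not in history.trusted_devices:      # Device
        score, reasons = score + 30, reasons + ["unfamiliar device"]
    if attempt.ip in KNOWN_BAD_IPS:                            # Network
        score, reasons = score + 60, reasons + ["known compromised IP"]
    elif attempt.ip in ANONYMIZING_EXITS:
        score, reasons = score + 25, reasons + ["anonymizing network"]
    elif attempt.ip not in history.known_ips:
        score, reasons = score + 10, reasons + ["new network"]
    distance = haversine_km(history.last_lat, history.last_lon, attempt.lat, attempt.lon)
    hours = (attempt.at - history.last_seen).total_seconds() / 3600
    if hours > 0 and distance / hours > 1000:                  # Location: faster than an airliner
        score, reasons = score + 50, reasons + ["impossible travel"]
    elif distance > 500:
        score, reasons = score + 20, reasons + ["unusual location"]
    if attempt.recent_failures >= 5:                           # Sign-in behaviour
        score, reasons = score + 40, reasons + ["multiple failed attempts"]
    if attempt.password_breached:                              # Compromised credentials
        score, reasons = score + 60, reasons + ["leaked credentials"]
    return score, reasons


def classify(score: int) -> Risk:
    return Risk.LOW if score < 20 else Risk.MEDIUM if score < 60 else Risk.HIGH


def evaluate(attempt: SignInAttempt, history: UserHistory) -> tuple[Risk, Decision, list[str]]:
    """Map the risk level to the action the table describes for that level."""
    score, reasons = score_attempt(attempt, history)
    risk = classify(score)
    if risk is Risk.LOW:
        decision = Decision.ALLOW
    elif risk is Risk.MEDIUM:
        decision = Decision.REQUIRE_MFA
    else:  # high risk always needs MFA; stacked strong signals hold the sign-in entirely
        decision = Decision.BLOCK if score >= 100 else Decision.REQUIRE_MFA
    return risk, decision, reasons


# Constructed sample data: the user's last sign-in was from London two hours earlier.
T0 = datetime(2024, 5, 1, 9, 0, tzinfo=timezone.utc)
HISTORY = UserHistory({"laptop-7f3a"}, {"192.0.2.10"}, 51.5074, -0.1278, T0)
SCENARIOS = {
    "usual": SignInAttempt("laptop-7f3a", "192.0.2.10", 51.51, -0.13, T0 + timedelta(hours=2)),
    "new_device": SignInAttempt("phone-02c1", "192.0.2.10", 51.51, -0.13, T0 + timedelta(hours=2)),
    "impossible_travel": SignInAttempt("laptop-7f3a", "198.51.100.50", 40.7128, -74.0060,
                                       T0 + timedelta(hours=1)),   # New York one hour later
    "stuffing": SignInAttempt("bot-0001", "203.0.113.9", 40.7128, -74.0060,
                              T0 + timedelta(days=1), recent_failures=8, password_breached=True),
}


def run_all() -> dict[str, tuple[Risk, Decision]]:
    return {name: evaluate(a, HISTORY)[:2] for name, a in SCENARIOS.items()}


if __name__ == "__main__":
    for name, attempt in SCENARIOS.items():
        risk, decision, reasons = evaluate(attempt, HISTORY)
        print(f"{name:18} {risk.value:6} -> {decision.value:12} {reasons}")
```

Running it shows the four outcomes the table describes: the routine sign-in passes with no prompt, a new device on the usual network is challenged, a trusted device that appears 5,500 km away within an hour is rated high risk and challenged, and an unknown device from a known-bad address with a burst of failures and a leaked password is held outright. Real engines use learned weights and richer network and geolocation data, but the shape of the decision is the same.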
How does this benefit you?
Risk-based MFA keeps your account secure while reducing unnecessary interruptions. Because it prompts for additional authentication only when it detects risk, you can sign in quickly under normal conditions, while suspicious attempts still have to clear a second factor.
Best practices for a secure sign-in experience
To ensure a secure sign-in experience, follow these best practices:
- Use trusted devices whenever possible.
- Avoid signing in from public or untrusted networks.
- Enable notifications for sign-in attempts so you notice suspicious activity promptly.
- Use strong, unique passwords, and change a password as soon as you learn it has been exposed.
- If prompted, complete the verification step. If you receive a verification prompt or push notification you did not trigger, do not approve it: it means someone else is attempting to sign in with your credentials, and you should change your password.