Definition
Authentication mechanism that adjusts MFA challenges based on real-time risk signals — device trust, location, behavior, threat intelligence. Low-risk sessions may skip MFA entirely (passwordless); medium-risk triggers push notification; high-risk requires hardware token or biometric verification. Improves UX while maintaining security.
Synonyms
- Adaptive Multi-Factor Authentication
- Conditional MFA
Application
- Regulatory: NIST SP 800-63 (Digital Identity Guidelines)
Standards & regulations
- NIST
Related terms
- Authentication (AuthN): Process of verifying that a principal is who they claim to be. Three classic factors: knowledge (password, PIN), possess …
- Authentication Information: Data the principal uses to prove identity during authentication — passwords, OTP codes, biometric templates, FIDO2 crede …
- Continuous Authentication: Authentication paradigm verifying user identity continuously throughout a session, not just at login. Uses behavioral bi …
- Credential: Data presented to authenticate or authorize — password, token, certificate, biometric, API key. NIST SP 800-63 distingui …
- Ephemeral Credentials: Credentials with very short lifetime (minutes) issued just-in-time and revoked after use. Replaces long-lived secrets in …
- Ephemeral Identity: Workload or AI agent identity with very short lifetime — created on-demand for a specific task or session, destroyed whe …