Term · 28. International Regulations
Continuous Authentication
Definition
Authentication paradigm that verifies user identity continuously throughout a session, not just at login. Uses behavioral biometrics (typing rhythm, mouse movements, touch patterns), device sensor data, network behavior, and access patterns to maintain confidence in the user's identity. Reduces the dwell time of an account takeover by detecting impersonation mid-session.
- Synonyms
  - Behavioural authentication
  - Active authentication
- Application
  - Regulatory: NIST SP 800-63 (Digital Identity Guidelines) · OWASP NHI Top 10 (2025) / SAMM
- Standards & regulations
  - NIST
  - OWASP
Related terms
- Risk-Based Authentication (RBA)
  Authentication mechanism that calculates a risk score for each access attempt based on contextual signals — device, loca …
- AI-Powered Session Termination
  Use of machine learning to detect compromised or anomalous sessions and automatically terminate them mid-flight — withou …
- Ephemeral Credentials
  Credentials with very short lifetime (minutes) issued just-in-time and revoked after use. Replaces long-lived secrets in …
- Login
  Common term for the user-facing authentication interaction — entering credentials at a sign-in form. Modern patterns: pa …
- Multi-factor Authentication (MFA)
  Authentication requiring two or more independent factors from different categories: knowledge (password), possession (ph …
- Non-Human Identity (NHI)
  Identities for service accounts, API keys, OAuth client secrets, machine certificates, workload identities (AWS IAM role …