Users often log onto computers, networks, and websites. In so doing, users may be asked to authenticate their identity, e.g., by providing a username and password, or by other known authentication techniques. However, risk factors related to authenticating users may change over time, and a static authentication policy is insufficient to maintain a desired level of security under changing conditions.