In a traditional approach to authentication, a user must provide all required elements with perfect accuracy to be authenticated and permitted access. For example, a user who provides a correct pin or password may be granted access to a computer system. Otherwise, when all required elements of an authentication method are not met, an authentication attempt fails and a user is denied access.
The foregoing authentication approach can be frustrating to a user who, for example, accidentally mistypes a character on a mobile device or forgets to enter a portion of a password in the correct format (e.g., case-sensitive characters). In addition, other forms of authentication methods, such as voice recognition, retinal scanning, facial recognition, and fingerprint scanning have varying levels of matching, which do not fit within the current “all or nothing” authentication paradigm. Further, traditional authentication methods can be exploited by unauthorized parties who, for example, may capture a single piece of authentication information to gain access to an entire system.
Accordingly, there is a need for a more flexible approach to authentication that may take into consideration the risk level associated with a particular activity and various forms of known or ascertainable behavioral information associated with a user.