If you’ve been used to entering an MFA code whenever you log in, or you’re a new user wondering how to enable MFA, no need to worry. We’ve actually just switched over to Auth0’s Adaptive Multi-Factor Authentication (MFA), a security feature that adds an extra layer of protection to user accounts. Instead of prompting for a second verification step every time a user logs in, it only does so when the login attempt seems risky.
How it Works
Auth0’s Adaptive MFA assesses the risk of a login attempt by analyzing a combination of factors to determine a confidence score. If the score is low, indicating a high risk, the user will be prompted for an additional verification method.
Here are the key risk signals that Auth0 considers:
New Device: Auth0 checks if the user is logging in from a device that hasn’t been seen in the last 30 days. It identifies devices using the user agent and browser cookies.
Impossible Travel: This feature flags login attempts from geographically distant locations that would be impossible to travel to in the time since the last login. For example, if you log in from North America and then minutes later a login is attempted from Europe, it will be flagged as suspicious.
Untrusted IP Address: Auth0 maintains a list of IP addresses that have been associated with malicious activities like high-velocity attacks. If a login attempt comes from one of these IPs, it’s considered high-risk.
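To make the three signals concrete, here is an added Python example (not Auth0's code or its scoring algorithm) that evaluates them against a user's login history. The `Login` record, the speed and distance thresholds, and the "prompt if any signal fires" rule are assumptions for illustration; only the 30-day device window comes from the description above.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

DEVICE_WINDOW = timedelta(days=30)  # from the page: device not seen in the last 30 days
MAX_SPEED_KMH = 900                 # assumption: roughly airliner cruising speed
MIN_DISTANCE_KM = 50                # assumption: ignore IP-geolocation jitter

@dataclass
class Login:
    when: datetime
    device_id: str  # hypothetical stand-in for the user agent + cookie identifier
    ip: str
    lat: float
    lon: float

def km_between(a, b):
    """Great-circle (haversine) distance between two logins, in km."""
    la1, lo1, la2, lo2 = map(radians, (a.lat, a.lon, b.lat, b.lon))
    h = sin((la2 - la1) / 2) ** 2 + cos(la1) * cos(la2) * sin((lo2 - lo1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))

def risk_signals(history, attempt, bad_ips):
    """Return the names of the signals that fire for `attempt`."""
    signals = set()
    recent = [l for l in history if attempt.when - l.when <= DEVICE_WINDOW]
    if not any(l.device_id == attempt.device_id for l in recent):
        signals.add("new_device")
    if history:
        last = max(history, key=lambda l: l.when)
        hours = (attempt.when - last.when).total_seconds() / 3600
        dist = km_between(last, attempt)
        # No elapsed time over a real distance is also impossible travel.
        if dist > MIN_DISTANCE_KM and (hours <= 0 or dist / hours > MAX_SPEED_KMH):
            signals.add("impossible_travel")
    if attempt.ip in bad_ips:
        signals.add("untrusted_ip")
    return signals

def requires_mfa(history, attempt, bad_ips):
    """Simplification: prompt when any signal fires (Auth0 uses a confidence score)."""
    return bool(risk_signals(history, attempt, bad_ips))

# Constructed sample data (documentation IP ranges, not real logins).
T0 = datetime(2024, 1, 1, 12, 0)
HISTORY = [Login(T0, "laptop-1", "192.0.2.10", 40.71, -74.01)]  # New York
LONDON = Login(T0 + timedelta(minutes=10), "laptop-1", "198.51.100.7", 51.51, -0.13)
print(risk_signals(HISTORY, LONDON, bad_ips=set()))  # {'impossible_travel'}
```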
Again, Auth0 will dynamically prompt MFA if required. This process is actually considered more secure than traditional ‘Always On MFA’. Here’s an article if you’re curious to read more: https://auth0.com/blog/auth0-introduces-adaptive-mfa/