Continuous Authentication
What is Continuous Authentication?
Continuous Authentication: An approach that keeps validating a user's identity throughout the session — using behavioral and device signals — rather than authenticating only once at login.
Continuous authentication treats identity assurance as an ongoing process. After the initial sign-in, the system constantly evaluates signals — keystroke dynamics, mouse movement, touch pressure, gait, device posture, network changes, geolocation drift — and updates a confidence score. When the score drops below a policy threshold, the session is either downgraded (read-only, or prompted for step-up authentication) or terminated. The model is central to zero-trust reference architectures such as NIST SP 800-207, and it underpins Continuous Adaptive Risk and Trust Assessment (CARTA) as defined by Gartner. Vendors such as BehavioSec, IBM Trusteer, BioCatch and Microsoft Conditional Access deliver continuous evaluation, and standards such as the OpenID Continuous Access Evaluation Profile (CAEP) let an identity provider revoke OIDC sessions in near real time when posture changes.
● Examples
- 01. A bank app that locks the session when the user's typing rhythm differs from their learned baseline.
- 02. Microsoft Entra Continuous Access Evaluation that revokes a token within seconds when an admin disables the account.
● Frequently asked questions
What is Continuous Authentication?
An approach that keeps validating a user's identity throughout the session — using behavioral and device signals — rather than authenticating only once at login. It belongs to the Identity & Access category of cybersecurity.
How is Continuous Authentication used defensively?
Continuous authentication is itself a defensive control; deploying it combines technical controls (signal collection, confidence scoring, session downgrade and revocation) with operational practices (baseline tuning, step-up policy, monitoring of false positives), as detailed in the full definition above.
What are other names for Continuous Authentication?
Common alternative names include: Continuous identity verification, Session-long authentication.
● Related terms
- identity-access № 015
Adaptive Authentication
An authentication approach that adjusts the strength and number of factors required in real time based on signals such as device, location, and behavior.
- identity-access № 090
Behavioral Biometrics
A continuous-authentication technique that profiles unique user behaviors — typing rhythm, mouse movements, gait, or touchscreen gestures — to detect impostors.
- identity-access № 940
Risk-Based Authentication (RBA)
An authentication strategy that computes a real-time risk score for each sign-in and varies the response — allow, challenge, or block — based on that score.
- identity-access № 1103
Step-Up Authentication
A pattern that requires additional or stronger authentication factors when a user attempts a higher-risk operation than their current session was originally authorized for.
- identity-access № 1018
Session Management
The set of controls that issue, maintain, refresh, and revoke an authenticated session, binding a user's identity to subsequent requests until logout or expiration.
- defense-ops № 1189
UEBA (User and Entity Behavior Analytics)
A detection technology that profiles normal behavior of users and entities, then surfaces statistical or machine-learning anomalies that may indicate compromise or insider risk.