Continuous authentication is defined as a method of identity confirmation on an ongoing basis. Instead of a user simply being logged in once, the authentication mechanism continues to re-verify the identity of the session user even after logging in. In this method, the computer continuously searches for the presence of the token's signal within the immediate proximity. If the token is no longer present, the computer will automatically lock.
How does continuous authentication work? An example of continuous authentication: a user logs in with 2FA (a PIN and token), but then the system must constantly check for the continued presence of the token (one of the factors) to keep the session active. If the authentication factor is no longer present, the system should lock instantly.
Unlike one-time authentication (static authentication), which is like going through a checkpoint only once, continuous authentication is like a checkpoint that continuously follows everyone until they leave the secure area. The authentication mechanism will not interrupt the workflow of users after logging in. Constantly logging in is a significantly stronger security mechanism that is proactive rather than reactive or just redundant. But the problem is that constantly logging in and out becomes very stressful for the user. Password fatigue increases from constant password typing.
Authenticating continuously has major advantages over authenticating just once, especially since the system will lock itself as soon as a user is no longer present, leaving little room for unintended data exposure or theft. Inactivity timeouts are generally used to lock the system after a user leaves, but until the timeout elapses the system is left vulnerable to account takeover (ATO) and all associated risks.
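The difference between a presence check and an inactivity timeout, as an added example that is not part of the original page: a small simulation that polls for the token and compares when each policy locks the session. The 5-second poll interval, the 900-second timeout and the timeline itself are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Tick:
    t: int               # seconds since login
    token_present: bool  # proximity token signal detected at this poll
    user_input: bool     # keyboard/mouse activity seen at this poll

def continuous_lock_time(ticks):
    """Continuous authentication: lock at the first poll where the token is absent."""
    for tick in ticks:
        if not tick.token_present:
            return tick.t
    return None  # token never left range, session stays unlocked

def inactivity_lock_time(ticks, timeout):
    """Inactivity timeout: lock `timeout` seconds after the last user input."""
    last_input = 0  # the login itself counts as input
    for tick in ticks:
        if tick.user_input:
            last_input = tick.t
        elif tick.t - last_input >= timeout:
            return tick.t
    return None

def exposure_window(lock_time, left_at, end):
    """Seconds the session stayed unlocked after the user walked away."""
    return max(0, (end if lock_time is None else lock_time) - left_at)

def build_timeline(left_at, end, poll):
    """Constructed sample: the user works until `left_at`, then leaves with the token."""
    return [Tick(t, t < left_at, t < left_at) for t in range(0, end + 1, poll)]

# Assumed values for illustration only.
POLL, LEFT_AT, TIMEOUT, END = 5, 62, 900, 1200
TIMELINE = build_timeline(LEFT_AT, END, POLL)

if __name__ == "__main__":
    for name, lock in (
        ("continuous (token presence)", continuous_lock_time(TIMELINE)),
        ("inactivity timeout", inactivity_lock_time(TIMELINE, TIMEOUT)),
    ):
        print(f"{name}: locks at t={lock}s, "
              f"exposed for {exposure_window(lock, LEFT_AT, END)}s")
```

With presence polling, the unattended window is bounded by the poll interval; with the timeout it is bounded by the timeout length.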
Proximity is an excellent method of continuing authentication because no input is required on the user's part. Imagine having to scan your fingerprint every 15 minutes or type the same password dozens of times a day. This can all be avoided by using proximity as your method of authentication.