
An MFA requirement is an important criterion for implementing zero trust that blocks unauthorized access. But MFA forces trusted employees to jump through hoops with one-time passwords and passcodes before they can log in to the apps they need, which is seen as inconvenient.
The new risk-based authentication approaches from Cisco Duo announced today aim to address the inconvenience of MFA by providing a login process tailored to each individual user.
Cisco Duo can adjust authentication requirements for users in real time based on contextual risk. The solution uses a machine learning-based risk analysis engine to dynamically assess risk based on user signals such as location, behavior, security posture of the device, the Wi-Fi network and the use of known attack patterns.
This will enable low-risk users to log in with a simple authentication process that can meet the needs of a zero trust environment, while giving high-risk users additional steps in the form of one-time passcodes or biometric login data to reduce the chance of breaches.
Last year, Microsoft’s Cyber Signals report revealed that just 22% of Azure Active Directory identities utilize MFA, with the rest instead choosing to authenticate with only a username and password.
Risk-based authentication aims to remedy this issue by keeping the login process as light as possible, unless there are contextual factors that warrant a more extensive login process. In short, it offers a more practical way to implement zero trust than traditional MFA.
Risk-based authentication (RBA) enables a user-friendly implementation of the zero trust principles of ‘never assume trust’ and ‘always verify.’ That fulfills the basic criteria of zero trust.
Cisco Duo will assess risk and adjust authentication requirements based on the level of risk, rather than asking users to reauthenticate each time they request access to a resource. Likewise, it can also request phishing-resistant FIDO2 security keys or biometric login if the connection is high risk.
Cisco’s Duo falls within the risk-based authentication market, which researchers valued at $3.23 billion in 2020 and predicted will reach $9.41 billion by 2026 as more organizations look to make MFA user-friendly and implement zero trust.
Other vendors, like Microsoft and Okta, are experimenting with adaptive risk-based authentication. Cisco’s risk-based authentication is differentiated from that of other vendors by its focus on user privacy and its unique use of behavior signals.