Steven Leung

Evaluating Risk-Based Authentication Effectiveness in Production 2FA Systems (video, pdf)

Speaker: Steven Leung

Author(s): Steven Leung

Abstract: This study provides the first large-scale empirical evaluation of Risk-Based Authentication (RBA) effectiveness in production two-factor authentication (2FA) systems against real-world opportunistic, targeted, and advanced attacks. It demonstrates how heuristic and anomaly detection methods improve security while maintaining user experience.