We have updated our Terms of Service as of May 23, 2018 to comply with GDPR. Please review the updated terms and policies carefully to understand how it may impact you. X


Continuous Authentication

Move beyond only authenticating users at login with continuous verification of a user's identity throughout your application.

Whether we're talking about traditional authentication systems or those that use biometrics and tokens as a second factor of authentication, they all have the same shortfall. The problem is that user authentication only happens at login and most active sessions don't have a mechanism to detect if the current user is the same as the one that was originally authenticated.

ThisData provides a real-time Verify API that can be used to identify a user based on a behavioral profile which is refined during the usage of your application. By verifying the user before making critical actions in your application, you can mitigate the risks of session hijacking or Man in the Middle (MITM) attacks that may have happened since the user last authenticated.

For example, most internet banking applications only authenticate the user at login. This means that if a bad actor compromised a user session, they could take control of the account. If continuous authentication was implemented the hacker might be able to see account balances, but when they try to make a funds transfer they will fail the behavioral verification and be stopped in their tracks.


In order to build up a behavioral profile ThisData uses Machine Learning to continuously monitor many risk attributes, or what we call 'analyzers'. These include:

  • Unknown devices
  • High risk IP addresses
  • Suspicious login locations
  • Tor usage
  • Whitelist and blacklist countries
  • Velocity checking
  • Geo-location anomalies
  • Project Honey Pot
  • AlienVault Open Threat Exchange

Continuous Authentication Workflows

By using the ThisData Verify API your app can build workflows based on the risk that a user is no longer who they should be. If the risk for a user is moderate, you might ask them to re-confirm their identity through a Two Factor Authentication code. If the risk is extremely high you could kill their session and log them out.

Customized Security Workflows
Account Takeover
Two Factor Authentication
Continuous Authentication
Fraud Detection
Adaptive Authentication
Risk Scoring