Risk-Based Authentication for OpenStack: A Fully Functional Implementation and Guiding Example. (arXiv:2303.12361v1 [cs.CR])

Online services have difficulties to replace passwords with more secure user
authentication mechanisms, such as Two-Factor Authentication (2FA). This is
partly due to the fact that users tend to reject such mechanisms in use cases
outside of online banking. Relying on password authentication alone, however,
is not an option in light of recent attack patterns such as credential
stuffing.

Risk-Based Authentication (RBA) can serve as an interim solution to increase
password-based account security until better methods are in place.
Unfortunately, …

2fa attack authentication banking cases credential credential stuffing fact factor online banking online services password password authentication passwords patterns reject risk risk-based authentication services use cases