Prevent automated sign-ins with behaviour analysis
Description
Stop automated access (by bots) by analysing data about interaction behaviour. It is also known as CAPTCHA, Completely Automated Public Turing test to tell Computers and Humans Apart.
An example of this could be analysing someones’ mouse movements or typing patterns to check it isn’t automated.
IF thinks that preventing automated sign-ins will become more difficult but also more critical, as machine learning algorithms improve. This pattern removes burden from people to verify they’re human but requires continuous data collection and monitoring. You should consider the risk of automated sign-ins with the impact of continuous data collection in context. It might not work if people use privacy-preserving features such as incognito mode. Alternatively, other patterns could be used to prevent automated sign ins, such as multi-factor authentication using text message or biometric authentication.
Read more: The inaccessibilities of CAPTCHA.
Advantages
- Reduces the impact of automated access to systems, such as denial of service, spam or fake users
- Behavioural analysis causes less friction than asking people to complete challenges
Limitations
- It’s not accurate enough yet on its own and is often combined with prevent automated sign-ins with image and audio challenges, which have accessibility issues.
- Requires access to large amounts of data for training behavioural analysis machine learning models.
- Relies on collecting data about people without them knowing.
Examples
-
Uses risk based analysis to detect abusive traffic on websites
-
An alternative to reCAPTCHA that also provides data labelling services for training data sets
Was this pattern useful?