CIAM.wiki


Step-Up Authentication

Step-up authentication asks a user for a stronger or additional proof of identity at the moment they attempt a sensitive action, even if they are already signed in.


Step-up authentication raises the bar for a specific action rather than for every login. A customer can browse and use most of a product with a light session, then be asked for an extra factor, such as a passkey or a one-time code, when they try something sensitive like changing payment details, making a large transfer, or updating account recovery settings.

This keeps everyday use low-friction while protecting the moments that matter. It pairs naturally with adaptive authentication, where the risk of the action and the context decide whether a step-up is required.

For CIAM, step-up is a practical way to apply strong authentication selectively, concentrating protection on high-value operations without forcing the strongest checks on every interaction.
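The following is an added example, not code from the original page: a server-side check that decides whether a sensitive action needs a step-up, based on which factor the session has already proved and how recently. The action names, factor ranking, time limits and the risky-context rule are assumptions made for illustration.

```python
import time
from dataclasses import dataclass, field

# Factor strength, weakest to strongest (constructed ranking for this example).
STRENGTH = {"password": 1, "otp": 2, "passkey": 3}

# Hypothetical policy: action -> (minimum factor, max age of that proof in seconds).
# None means any age within the session is acceptable.
POLICY = {
    "browse_catalog": ("password", None),
    "change_payment_details": ("otp", 300),
    "large_transfer": ("passkey", 120),
    "update_recovery_settings": ("passkey", 300),
}
FAIL_CLOSED = ("passkey", 120)  # applied to actions missing from POLICY
RISKY_FLOOR = ("otp", 300)      # minimum applied when the context looks risky


@dataclass
class Session:
    user_id: str
    # factor -> epoch seconds when it was last verified in this session
    proofs: dict = field(default_factory=dict)


def required_step_up(session, action, risky_context=False, now=None):
    """Return None if the action may proceed, else the factor to prompt for."""
    now = time.time() if now is None else now
    factor, max_age = POLICY.get(action, FAIL_CLOSED)
    # Adaptive hook: a risky context raises low requirements to the floor.
    if risky_context and STRENGTH[factor] < STRENGTH[RISKY_FLOOR[0]]:
        factor, max_age = RISKY_FLOOR
    for proved, verified_at in session.proofs.items():
        age = now - verified_at
        strong_enough = STRENGTH.get(proved, 0) >= STRENGTH[factor]
        # A timestamp in the future is never accepted as fresh.
        fresh_enough = age >= 0 and (max_age is None or age <= max_age)
        if strong_enough and fresh_enough:
            return None
    return factor


def record_proof(session, factor, now=None):
    """Call only after the factor has actually been verified server-side."""
    if factor not in STRENGTH:
        raise ValueError(f"unknown factor: {factor}")
    session.proofs[factor] = time.time() if now is None else now
```

The check belongs on the endpoint that performs the sensitive action, so the requirement holds even if the client skips the prompt.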
