Doing security checks

Ongoing authentication through behaviour

Future pattern 🔮

A computer monitor with the path of the cursor outlined on screen.


Continue to authenticate a person’s identity after they’ve logged in by monitoring how they interact with a device. If someone is making a bank transaction and their mouse movements are different to normal, the transaction could be blocked or additional authentication requested.

IF thinks that this pattern can enhance existing authentication methods without adding more friction for the user. People should have the option to opt-out. Rather than running in the background, it should be clearly indicated so people know it’s happening, as it could be misused to gather additional data.


  • Helps spot an attacker even if they have gotten through other sign-in methods.


  • Must be used with other sign-in authentication patterns (only authenticates someone after they’ve signed in).
  • Could be used to extract other data about people, like website usage analytics.