Risk-based authentication (RBA) is an adaptive security measure to strengthen password-based authentication. RBA monitors additional features during login, and when observed feature values differ significantly from previously seen ones, users have to provide additional authentication factors such as a verification code. Big online services (Google, Facebook, Amazon, LinkedIn) use this technology and also the NIST recommends it to mitigate credential stuffing attacks. However, there is a lack of open and freely available RBA solutions that foster widespread adoption of this technology. Such solutions could make it affordable and easier for small and medium websites to deploy RBA and, as a result, protect their users more effectively.
Task: Develop and implement an RBA solution that can be used as a plugin or addon for a widely-used open source software solution (e.g., e-commerce, cloud storage services, blogs)