Step Up Authentication

Requiring stronger proof only when an action is sensitive enough to need it.

Right Sized Friction

Step-up authentication keeps everyday access smooth but demands a stronger factor right before a sensitive action, such as a wire transfer or a change to security settings. It balances usability against the risk of a hijacked session.

How It Works

  • The user holds an ordinary session for low-risk browsing.
  • A high-value action triggers a fresh challenge, like a passkey tap or one-time code.
  • The system records that this elevated assurance is valid for a short window.
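
The three steps above as a minimal server-side gate. This is an added example, not code from the lesson; the action names, the per-action windows and the Session fields are assumptions chosen for illustration.

```python
import time
from dataclasses import dataclass
from typing import Optional

# Assumed policy: sensitive actions and how long a step-up remains valid for each.
# Anything not listed here is treated as low risk.
MAX_ELEVATION_AGE = {
    "wire_transfer": 300,             # seconds
    "change_security_settings": 120,  # tighter window for account-takeover paths
}

@dataclass
class Session:
    user_id: str
    # Time of the last verified strong-factor challenge; None if never stepped up.
    stepped_up_at: Optional[float] = None

def record_step_up(session: Session, now: Optional[float] = None) -> None:
    """Call only after the passkey or one-time code has been verified."""
    session.stepped_up_at = time.time() if now is None else now

def authorize(session: Session, action: str, now: Optional[float] = None) -> str:
    """Return 'allow' or 'challenge' for an already signed-in session."""
    now = time.time() if now is None else now
    max_age = MAX_ELEVATION_AGE.get(action)
    if max_age is None:
        return "allow"  # ordinary session is enough for low-risk actions
    ts = session.stepped_up_at
    # Challenge when elevation is missing, expired, or dated in the future
    # (a future timestamp means clock trouble or tampering, so fail closed).
    if ts is None or ts > now or now - ts > max_age:
        return "challenge"
    return "allow"

if __name__ == "__main__":
    s = Session("user-1")                          # constructed sample session
    print(authorize(s, "wire_transfer", now=1000))  # no step-up yet
    record_step_up(s, now=1000)
    print(authorize(s, "wire_transfer", now=1200))  # inside the window
    print(authorize(s, "wire_transfer", now=1301))  # window expired
```

The elevation timestamp has to live in server-side session state; if it were stored in a value the client can edit, a hijacked session could mark itself as stepped up.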

Why It Helps

  • A stolen session alone cannot complete the most damaging operations.
  • It applies friction only where it pays off, improving overall adoption of strong auth.
  • Combined with risk signals, it can challenge only suspicious attempts.

Key idea

Step-up authentication demands a stronger factor only for high-risk actions, so a hijacked session cannot complete the most damaging operations.

Check yourself

1. When does step-up authentication add friction?

2. What attack does step-up authentication blunt?