"One company developing continuous authentication software is Acceptto and one of its early investors and adopters is Aetna, which has decided that 2FA isn’t enough to combat new threats such as session hijacking, spear phishing and 2FA code spoofing. According to Aetna’s CSO, Jim Routh (emphasis added),
We’re moving into a realm of continuous, behavioral-based authentication, where we know enough about the end user, their use of technology, and their behavior that we can develop a mathematical representation of that. Then, we can measure their actual behavior against that mathematical representation, see what the variance is between the two, calculate that in a risk score, and the risk score feeds the app that provides access based on what that risk score is, and then, different apps can make different decisions based on different thresholds. So essentially, it’s a continuous authentication process."