Engineering and Technology | Open Access | DOI: https://doi.org/10.37547/tajet/Volume07Issue09-02

Balancing Usability and Security: A Zero-Touch Authentication Framework for Tiered Risk Actions

Sree Rajya Lakshmi Popury, Senior Engineer Consultant-Systems Engineering, Verizon Communications Inc., Dallas, Texas, USA

Abstract

The article discusses the development and justification of a Zero-Touch framework for multi-level authentication, which provides a dynamic balance between user convenience and security reliability when performing operations of varying risk levels. The relevance of the study is determined by the need to minimize user friction without reducing the level of protection, which requires new models of adaptive authentication. The paper aims to develop and methodologically substantiate a Zero-Touch framework that automatically strengthens authentication checks only when risk increases, relying on session context (behavioral, network, and hardware parameters) and the regulatory requirements of NIST SP 800-63B, PSD2, and GDPR. This approach eliminates unnecessary steps for low-risk operations and ensures a reliable escalation process for critical actions. The novelty of the proposed approach lies in the integration of four asynchronous layers (risk assessment engine, Policy Decision Point, user journey orchestrator, and log analytics) with a three-level risk gradation, aligned with AAL1–AAL3. The innovative architecture ensures a seamless user experience, invisible blocking of suspicious requests, and selective strengthening of factors for only a fraction of operations, which fundamentally differs from the static schemes of traditional MFA. Piloting the Zero-Touch framework raised authentication accuracy to 86% with only 12% false positives, yielded a System Usability Scale rating well above 80 points, added five percentage points to critical transaction conversion, and reduced incident response time to minutes while keeping validation delays at 5–7 seconds even when escalation is required. This article is intended for researchers and developers of information security systems, digital service architects, and compliance specialists.

Keywords

Zero-Touch authentication, multi-level authentication, risk-oriented control, frictionless security, context-aware MFA

References

Bonderud, D. (2024, August 13). Cost of a data breach in 2024 for the financial industry. IBM. https://www.ibm.com/think/insights/cost-of-a-data-breach-2024-financial-industry

Cyber Readiness Institute. (2024, November 13). New Study Underscores Slow Adoption of Multifactor Authentication By Global SMBs. Cyber Readiness Institute. https://cyberreadinessinstitute.org/news-and-events/new-study-underscores-slow-adoption-of-multifactor-authenification/

EDPB. (2024). Opinion 28/2024 on certain data protection aspects related to the processing of personal data in the context of AI models. EDPB. https://www.edpb.europa.eu/system/files/2024-12/edpb_opinion_202428_ai-models_en.pdf

European Banking Authority. (2024). Response to the discussion on RTS on strong customer authentication and secure communication under PSD2. European Banking Authority. https://www.eba.europa.eu/eba-response/340

Fereidouni, H., Senhaji, H., Abdelhakim, Makrakis, D., & Baseri, Y. (2024). F-RBA: A Federated Learning-based Framework for Risk-based Authentication. arXiv. https://doi.org/10.48550/arxiv.2412.12324

Glavin, L. (2023, December 8). FIDO Authentication Adoption Soars as Passwordless Sign-ins with Passkeys Become Available on More than 7 Billion Online Accounts in 2023. FIDO Alliance. https://fidoalliance.org/fido-authentication-adoption-soars-as-passwordless-sign-ins-with-passkeys-become-available-on-more-than-7-billion-online-accounts-in-2023/

Grand View Research. (2025). Zero Trust Security Market Size. Grand View Research. https://www.grandviewresearch.com/industry-analysis/zero-trust-security-market-report

Grassi, P. A., Fenton, J. L., Newton, E. M., Perlner, R. A., Regenscheid, A. R., Burr, W. E., Richer, J. P., Lefkovitz, N. B., Danker, J. M., Choong, Y.-Y., Greene, K. K., & Theofanos, M. F. (2017). Digital Identity Guidelines: Authentication and Lifecycle Management. NIST Special Publication 800-63B. https://doi.org/10.6028/nist.sp.800-63b

Hurley, B. (2024, June 27). Push notification attacks are up. IT Brew. https://www.itbrew.com/stories/2024/06/27/push-notification-attacks-are-up-but-so-is-mfa-adoption

Jadhav, A. (2024, September 27). Weak login authentication methods are the norm at work and home. Biometric Update. https://www.biometricupdate.com/202409/weak-login-authentication-methods-the-norm-at-work-and-home-report

Kandula, S. R., Kassetty, N., Alang, K. S., & Pandey, P. (2024). Context-Aware Multi-Factor Authentication in Zero Trust Architecture: Enhancing Security Through Adaptive Authentication. International Journal of Global Innovations and Solutions (IJGIS). https://doi.org/10.21428/e90189c8.f525ef41

Lewis, J. (2018). Item Benchmarks for the System Usability Scale. Journal of User Experience. https://uxpajournal.org/item-benchmarks-system-usability-scale-sus/

Lyastani, S. G., Backes, M., & Bugiel, S. (2023). A Systematic Study of the Consistency of Two-Factor Authentication User Journeys on Top-Ranked Websites. Proceedings 2023 Network and Distributed System Security Symposium. https://doi.org/10.14722/ndss.2023.23362

Microsoft. (2024). Anatomy of a modern attack surface. Microsoft. https://www.microsoft.com/en-au/security/security-insider/emerging-threats/anatomy-of-a-modern-attack-surface

Okta. (2025). Okta Secure Identity Commitment Whitepaper. Okta. https://www.okta.com/sites/default/files/2025-03/Secure-Identity-Commitment-Whitepaper-March-2025.pdf

Olateju, O. O., & Okon, S. U. (2024). Combating the Challenges of False Positives in AI-Driven Anomaly Detection Systems and Enhancing Data Security in the Cloud. Asian Journal of Research in Computer Science, 17(6), 264–292. https://doi.org/10.9734/ajrcos/2024/v17i6472

Ping Identity. (2024, September 25). Ping Identity Survey Finds 87% of Consumers Concerned About Identity Fraud, as AI Sparks Hesitation. PR Newswire. https://www.prnewswire.com/news-releases/ping-identity-survey-finds-87-of-consumers-concerned-about-identity-fraud-as-ai-sparks-hesitation-302257987.html

Saleem, J., Raza, U., Hammoudeh, M., & Holderbaum, W. (2025). Machine Learning-Enhanced Attribute-Based Authentication for Secure IoT Access Control. Sensors, 25(9), 2779. https://doi.org/10.3390/s25092779

Wiefling, S., Dürmuth, M., & Lo, L. (2021). What’s in Score for Website Users: A Data-driven Long-term Study. Risk-based Authentication Characteristics. https://riskbasedauthentication.org/download/rba-characteristics-paper.pdf

How to Cite

Sree Rajya Lakshmi Popury. (2025). Balancing Usability and Security: A Zero-Touch Authentication Framework for Tiered Risk Actions. The American Journal of Engineering and Technology, 7(09), 08–14. https://doi.org/10.37547/tajet/Volume07Issue09-02