Risk-based authentication takes one or more pieces of context information into account to assess the current risk. The authentication process can then be influenced based on the assessed risk. It can be used, for example, to omit the second factor in low-risk situations, deny access altogether in very risky situations, or choose a different path in the authentication flow.
Simple example usage (flow-based authentication):