Embodiments described herein are implemented in authentication brokering systems where an authentication broker issues security tokens that represent its authentications of users. Client devices operated by the users store the security tokens and send them to resource providers. The resource providers authenticate and grant access to the users based on validation of the security tokens. Authentication related messages exchanged between the resource providers and the authentication broker are used to exchange authentication risk data that is obtained or derived by the resource providers and the authentication broker. The resource providers obtain authentication risk data directly from the authentication broker and indirectly, via the authentication broker, from each other. As security tokens are used or managed, authentication risk data is shared among the participants in the authentication brokering system. The participants are able to modify their authentication procedures or make authentication decisions based on shared authentication risk data.