Knowledge-based authentication (KBA) is a process that verifies a person’s identity through a series of knowledge questions, so that an unauthorized person cannot gain access to a place or an account. This type of authentication relies on information that only the legitimate owner of an account should know and be able to answer.
Knowledge-based authentication has been used for years, especially during password reset and account recovery processes. It creates high friction for users and is also susceptible to attack. The questions can range from simple personal information to more complex details.
Types of Knowledge-Based Authentication
There are two types of knowledge-based authentication, distinguished by how the questions are produced and used. Let us briefly look at both of them:
Dynamic KBA
- Dynamic KBA verifies a person’s identity without requiring the user to choose a security question and provide the answer when creating an account. Instead, the questions are generated in real time from information linked to the individual’s identity records, and the answers are not something a person carries in their wallet. Because of this, they are also called out-of-wallet questions.
- An example of a dynamic KBA question: select the correct description of your last purchase on your credit card.
Static KBA
- Static KBA is one of the most widely used security processes and is also known as shared secrets. The user selects some questions and provides the answers at enrollment; the same questions are asked later when the user wants to access the account or change the password.
Some examples of this are:
- What is your favorite teacher’s name?
- What is your favorite singer’s name?
- Where did you go for your last summer vacation?
Remember that the answers to these questions are often publicly available online and quickly found, especially with so much private data on social media. So select and answer the questions mindfully, choosing ones whose answers cannot be used against you in the future.
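Since static KBA answers are shared secrets, a service should store and check them the way it handles passwords. The following is an added example, not code from the original page; the question, sample answers and PBKDF2 iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os
import unicodedata

# Added example (not from the original page): storing and checking
# static KBA answers as shared secrets, the same way a password is handled.
# The question text, sample answers and work factor below are constructed.

KDF_ITERATIONS = 100_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)


def normalize_answer(answer: str) -> str:
    """Canonicalize so 'Mrs. Smith ' and 'mrs smith' count as the same answer.

    Users rarely type a recovery answer exactly as they did at enrollment,
    so the comparison is deliberately lenient on case, spacing and punctuation.
    """
    text = unicodedata.normalize("NFKC", answer).casefold()
    text = "".join(ch for ch in text if ch.isalnum() or ch.isspace())
    return " ".join(text.split())


def enroll_answer(answer: str) -> dict:
    """Return a record holding only a salted hash, never the plaintext answer."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", normalize_answer(answer).encode(), salt, KDF_ITERATIONS
    )
    return {"salt": salt, "hash": digest, "iterations": KDF_ITERATIONS}


def verify_answer(record: dict, candidate: str) -> bool:
    """Compare in constant time so timing does not leak how many bytes matched."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        normalize_answer(candidate).encode(),
        record["salt"],
        record["iterations"],
    )
    return hmac.compare_digest(digest, record["hash"])


if __name__ == "__main__":
    # Constructed enrollment for the page's "favorite teacher" question.
    record = enroll_answer("Mrs. Smith")
    print(verify_answer(record, " mrs smith "))  # True
    print(verify_answer(record, "Mr. Smith"))  # False
```

Hashing the answer does not make a guessable answer safe; it only protects the stored record if the database leaks, so the advice above about choosing answers that are not public still applies.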