Knowledge-Based Authentication

What Does Knowledge-Based Authentication Mean?

Knowledge-based authentication (KBA) is a security measure that identifies end users by asking them to answer specific security questions, so that online or digital activities can be accurately authorized. Knowledge-based authentication has become prevalent in many different types of network setups and across the Internet, where companies often ask users to answer these questions in order to gain access to personal, password-protected areas of a site.


Techopedia Explains Knowledge-Based Authentication

Two common kinds of knowledge-based authentication are static KBA and dynamic KBA. In static knowledge-based authentication, the users themselves input answers to security questions when they set up a password-protected profile or system. Later, if they need to renew their password or prove their identity, they may be asked to provide the answers that they provided earlier. By contrast, dynamic KBA uses data mining systems to present users with questions that IT systems know the answer to, having previously gathered this data about a user. The challenges involved in accurate dynamic KBA have led many companies to use static KBA instead. In many cases, knowledge-based authentication is used as part of multi-factor authentication, where other types of security processes like IP checking may also be used.
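The static KBA flow described above (answers captured at setup, then checked later) can be sketched as follows. This is an added example, not code from Techopedia; the `StaticKBA` class, the `MAX_ATTEMPTS` threshold and the scrypt parameters are assumptions chosen for illustration. Answers are normalized, stored only as salted scrypt digests, compared in constant time, and repeated wrong answers lock the account.

```python
import hashlib
import hmac
import secrets
import unicodedata

MAX_ATTEMPTS = 3  # assumed lockout threshold (not from the page)


def normalize(answer: str) -> bytes:
    """Fold Unicode form, case and whitespace so ' Fluffy ' matches 'fluffy'."""
    text = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(text.split()).encode("utf-8")


def digest(answer: str, salt: bytes) -> bytes:
    # Memory-hard KDF: answers are low-entropy, so a leaked store must be slow to guess.
    return hashlib.scrypt(normalize(answer), salt=salt, n=2**14, r=8, p=1, dklen=32)


class StaticKBA:
    """Hypothetical in-memory store; a real system would persist the records."""

    def __init__(self):
        self._records = {}   # user -> {question: (salt, digest)}
        self._failures = {}  # user -> consecutive failed answers

    def enroll(self, user: str, answers: dict) -> None:
        record = {}
        for question, answer in answers.items():
            salt = secrets.token_bytes(16)  # per-answer salt
            record[question] = (salt, digest(answer, salt))
        self._records[user] = record
        self._failures[user] = 0

    def verify(self, user: str, question: str, answer: str) -> bool:
        record = self._records.get(user)
        if record is None or self._failures[user] >= MAX_ATTEMPTS:
            return False  # unknown user or locked out
        if question not in record:
            self._failures[user] += 1
            return False
        salt, expected = record[question]
        ok = hmac.compare_digest(digest(answer, salt), expected)
        self._failures[user] = 0 if ok else self._failures[user] + 1
        return ok


if __name__ == "__main__":
    kba = StaticKBA()
    kba.enroll("alice", {"first pet": "Fluffy"})  # constructed sample data
    print(kba.verify("alice", "first pet", "  fluffy "))
```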

The idea behind KBA is that by selecting questions that only the target individual would know the answers to, systems can verify whether a user is the legitimate owner of a password-protected area or not. Although KBA can be an effective way to manage authorization for individual users, there are also critical concerns about privacy that have been raised around the idea of using this kind of personal information for online or network security.


Margaret Rouse
Technology Expert

Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.