Knowledge-Based Authentication (KBA)
Definition - What does Knowledge-Based Authentication (KBA) mean?
Knowledge-based authentication (KBA) is a security measure that identifies end users by asking them to answer specific security questions, so that authorization for online or digital activities can be granted accurately. Knowledge-based authentication has become prevalent in many different types of network setups and across the Internet, where companies often ask users to answer these questions before granting access to personal, password-protected areas of a site.
Techopedia explains Knowledge-Based Authentication (KBA)
Two common kinds of knowledge-based authentication are static KBA and dynamic KBA. In static knowledge-based authentication, the users themselves supply the answers to security questions when they set up a password-protected profile or system. Later, if they need to reset their password or prove their identity, they may be asked to provide the answers they gave earlier. By contrast, dynamic KBA uses data mining systems to present users with questions whose answers the IT systems already know, having previously gathered that data about the user. The challenges involved in accurate dynamic KBA have led many companies to use static KBA instead. In many cases, knowledge-based authentication is used as part of multi-factor authentication, alongside other security checks such as IP address verification.
The idea behind KBA is that by selecting questions to which only the target individual would know the answers, systems can verify whether a user is the legitimate owner of a password-protected area. Although KBA can be an effective way to manage authorization for individual users, critical privacy concerns have also been raised about using this kind of personal information for online or network security.