Definition

knowledge-based authentication (KBA)

What is knowledge-based authentication?

Knowledge-based authentication (KBA) is an authentication scheme in which the user is asked to answer at least one "secret" question. KBA is often used as a component in multifactor authentication (MFA) and for self-service password retrieval.

Secret questions can be static or dynamic. In a static scheme, the end user pre-selects the questions they would like to be asked and provides the correct answers. The host stores the question/answer pairs and uses them later to verify the end user's identity. In a dynamic scheme, the end user does not know in advance which question will be asked. Instead, the question/answer pairs are determined by harvesting data from public records.

KBA questions can be factual, like "What city were you born in?" or "What color Ford Mustang was registered to you in New York State in 2002?" or they can be about preferences, like "What is your favorite food?" or "Who was your favorite teacher?" Both static and dynamic schemes rely on the assumption that if someone knows the correct answers to the secret questions, their identity has been confirmed.
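For the static scheme described above, the following added example (not part of the original definition) shows one way a host could store and later verify question/answer pairs without keeping the answers in plaintext. The class and function names, the PBKDF2 work factor and the three-attempt lockout are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import unicodedata

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example
MAX_FAILURES = 3             # assumed lockout threshold


def normalize(answer: str) -> bytes:
    """Fold case, Unicode form and whitespace so 'New  York ' matches 'new york'."""
    folded = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(folded.split()).encode("utf-8")


def _digest(answer: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", normalize(answer), salt, PBKDF2_ITERATIONS)


class StaticKbaStore:
    """In-memory stand-in for the host's question/answer store (hypothetical)."""

    def __init__(self):
        self._records = {}   # user -> {question: (salt, digest)}
        self._failures = {}  # user -> consecutive failed attempts

    def enroll(self, user: str, question: str, answer: str) -> None:
        salt = os.urandom(16)  # per-answer salt: equal answers get different digests
        self._records.setdefault(user, {})[question] = (salt, _digest(answer, salt))

    def questions(self, user: str) -> list:
        return sorted(self._records.get(user, {}))

    def verify(self, user: str, question: str, answer: str) -> bool:
        if self._failures.get(user, 0) >= MAX_FAILURES:
            return False  # locked: answers are low-entropy, so guesses must be capped
        record = self._records.get(user, {}).get(question)
        # Hash against a dummy salt when nothing is enrolled so timing stays similar.
        salt, expected = record if record else (b"\x00" * 16, b"")
        ok = hmac.compare_digest(_digest(answer, salt), expected) and record is not None
        self._failures[user] = 0 if ok else self._failures.get(user, 0) + 1
        return ok
```

Normalizing before hashing keeps legitimate users from failing on capitalization or spacing, while the salted slow hash and attempt cap limit what a stolen store or repeated guessing can reveal.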

Learn more

Josh Levin explores the problems that KBA poses for end users in the article "In What City Did You Honeymoon?"

Expert Joel Dubin answers the question "Are knowledge-based authentication systems doing more harm than good?"

This was last updated in February 2009
Posted by: Margaret Rouse
