knowledge-based authentication (KBA)

Knowledge-Based Authentication (KBA) is a knowledge-based authentication concept in which the user must answer at least one secret personal question before he can change his user accounts or password. This technique is commonly used in Multifactor Authentication( MFA) or password queries.

The questions used in the KBA technique should be about something that the user can remember well, they should have only one correct answer that cannot be determined by weighing or research. Once a secret question can be answered by another person, this confirms his identity.

There are static and dynamic KBA questions. In the case of static KBA questions, the user makes a pre-selection and provides these with the correct answers. The questions with the correct answers are stored on an authentication server and are used for later identification. Typical static KBA questions relate to the private environment and could read: What is your grandmother's first name on your mother's side? or: Where did you get married?

With dynamic KBA questions, the user does not know the question. The questions/answers are determined from public records. For example: What was their house number in 2010? Or: What was their license plate number in 2012?