Choose Index below for a list of all words and phrases defined in this glossary.

Knowledge Based Authentication (KBA)

index | Index

Knowledge Based Authentication (KBA) - definitions

Knowledge Based Authentication (KBA) - A method to authenticate an individual based on knowledge of personal information, substantiated by a real-time interactive question and answer process.

[Category=Geospatial ]

Source: RSA, 18 August 2011 09:13:04, External 

These advertisers support this free service

knowledge-based authentication (KBA) - Knowledge-based authentication (KBA) is an authentication scheme in which the user is asked to answer at least one "secret" question. KBA is often used as a component in multifactor authentication (MFA) and for self-service password retrieval.

Secret questions can be static or dynamic. In a static scheme, the end user pre-selects the questions he would like to be asked and provides the correct answers. The question/answer pairs are stored by the host and used later to verify the end user's identity. In a dynamic scheme, the end user has no idea what question will be asked. Instead, the question/answer pairs are determined by harvesting data in public records.

KBA questions can be factual, like "What city were you born in?" or "What color Ford Mustang was registered to you in New York State in 2002?" or they can be about preferences, like "What is your favorite food?" or "Who was your favorite teacher?" Both static and dynamic schemes rely on the assumption that if someone knows the correct answers to the secret questions, their identity has been confirmed.

Related glossary terms: RSA algorithm, data key, greynet (or graynet), spam cocktail (or anti-spam cocktail), fingerscanning (fingerprint scanning), munging, insider threat, authentication server, defense in depth, nonrepudiation / non-repudiation

[Category=Data Management ]

Source:, 21 August 2013 09:02:58, External  



Data Quality Glossary.  A free resource from GRC Data Intelligence. For comments, questions or feedback: