Glossary Term

Knowledge-based Authentication (KBA)

Knowledge-based Authentication, or KBA, is a method of authentication in which a user proves his or her identity by providing information that only he or she should know.

Two types of KBA are widely used. Static KBA, also known as "shared secret" authentication, refers to authentication in which the question and answer are known in advance by both the system and the authenticating user. Passwords and "secret questions" are examples of static KBA.

Dynamic KBA refers to authentication in which the questions asked by the system are not known beforehand to the authenticating user. Dynamic KBA typically draws on one or many public or private databases of commercial or biographical data, and asks for a combination of personal historical facts (former residences, types of automobiles owned, former employers, and so on) that only the correct user is likely to know.

In practice, static KBA is considered to be a very weak form of authentication, as shared secrets are easily lost or stolen, particularly when always provided in the same way at every login. Dynamic KBA may or may not be somewhat stronger, with relative strength depending on the database(s) from which questions are drawn and their status as publicly available data or non-public private data.

Dynamic KBA, however, also represents both a considerable privacy intrusion and a considerable privacy risk in most cases, particularly when "more secure" private data is requested from authenticating users.



Plurilock is the leader in advanced, risk-based authentication. We provide invisible, device-free MFA for corporate endpoints, Citrix sessions, cloud applications, and their users in finance, healthcare, education, and SaaS.


