Authentication is the process of proving that something is genuine. While the term can apply to establishing the authenticity of a fact, document, device, or other point of trust, we use it here to describe the process of using knowledge based authentication in establishing the identity of a person.
Knowledge based authentication, or KBA, uses “what you know” to verify your identity. KBA conceptually requires an individual to possess and share information that is only known by that individual in order to prove that they are who they say they are.
It is a security measure that enables users to prove their identity when challenged. How many times have you logged into an account with a username and password today? Have you ever entered your mother’s maiden name to be able to reset a forgotten password? These are all examples of knowledge based authentication.There are two types of KBA, static and dynamic.
There are two types of KBA, static and dynamic.
There are two types of KBA, static and dynamic.
Static KBA is the most common type of authentication used today. On initial enrollment or account registration, an individual provides information that will then be used to grant access or reset credentials in the future. This information is shared between the organization providing the service and the end user. The user provides this information each time they authenticate, and the organization concurrently retrieves it to verify the user’s provided credentials.
Dynamic KBA | out-of-wallet questions
Dynamic KBA methods are often referred to as out-of-wallet questions because the answers are not generally found in a person’s wallet. Dynamic KBA differs from static KBA in that it does not require the user to provide pre-determined information on enrollment into a system, but instead generates questions and answers pertaining to the user from public and private data including marketing data and credit reports. After the user provides general identity information like name and date of birth, the organization retrieves records and generates questions and answers to authenticate the identity of the user.
Information that is supposed to be “private” may be easily accessed by people that are not the genuine user.
With the sheer amount of information on any given person available online through social, public records, and past exposures, a bad actor may be able to provide the answer to “What is the name of your first pet?” just as easily as you can. A quick search on https://haveibeenpwned.com/ can show some of the data breaches associated with your email address where some underlying KBA information may have been leaked.
The ubiquity of KBA has led to centralized data of personal user information and credentials.
Many organizations store all user credentials on one centralized database, leading to devastating data breaches that expose vast amounts of personal data, such as the 2013 Adobe breach which impacted around 38 million users.There have been so many data breaches which means that knowing your mother’s maiden name or which street you lived on is no longer a reliable way to prove that you are who you say you are.
Although password use is ubiquitous and works on any device, it poses a number of security challenges.
The vast number of accounts that each person maintains makes passwords extremely challenging to manage.
One study shows that the average person has 90 online accounts, nearly all of which rely on KBA! If one of your passwords is exposed in an account takeover attack, how many other accounts can be compromised along with it?
Even with best practices for password use and security in place, KBA credentials can easily be given away to bad actors using social engineering schemes.
Personal credentials are exposed every day by unknowing victims of phishing and other social engineering schemes.
Poor balance between security and usability leads to insecure credentials, frustrated users, and vulnerabilities that can affect both the organization and individual..
While weak passwords are easily guessed, strong passwords can be easily forgotten. U.S. Gartner reported an average of 10% to 15% failure rate on KBA. Research from Keeper Security revealed that up to 17% of people use the password "123456" to 'secure' their accounts, while 50% use one of the top 25 most common passwords.
When cybercriminals can easily compromise or guess credentials and genuine users are not able to remember them, KBA fails to serve the primary function – authentication! In fact, in last year’s NIST Special Publication on Digital Identity Guidelines, KBA was no longer considered an acceptable authenticator because of its unacceptably high risk of successful use by an attacker.
In the case of passwords, it is difficult to balance security and convenience. Instead of protecting user accounts, authentication requirements can become a barrier to accessing services. Companies are increasingly implementing multi-factor authentication processes as the norm to add another layer of security and assurance to identity authentication. We see this happening with widespread adoption of biometric identity verification solutions in the financial services and healthcare industries for example, where privacy, security, and data protection are critical for regulatory compliance and user satisfaction.
Biometric tools offer an accurate and efficient process for virtual authentication. Trust Stamp Verify has broad benefits to user experience, fraud-prevention, customer retention, and more, so you can successfully navigate the digital-first future while prioritising the security of your organisation and your users. Trust Stamp’s interoperable biometric solutions are designed with the future in mind. Our tools work across systems, vendors, and devices, as the building blocks to a robust identity strategy. Trust Stamp Verify empowers your users to quickly and securely prove identity, without putting sensitive data at risk.
Multiple anti-spoofing tests detect print and device display attacks
AI matches proprietary templates and analyses security features for authenticity
Comparison of visual text and machine readable text determines document tampering
When combined with facial biometrics, the document photo is matched against a live facial capture to establish your user's true identityLearn More
In this example, Trust Stamp Capture, Identify, and Protect work together in a biometric enrolment user flow
Reduce losses to fraud with accurate and fast biometric comparison technology. Trust Stamp Verify provides a low-friction way to enhance risk management and data protection measures with secure, spoof-resistant authentication systems, all while protecting sensitive information from would-be criminals
Leverage the positive friction and reputational boost of biometric technology while reaching more users, reducing drop-out rates, and improving customer satisfaction with accessible digital tools
Empower your users to quickly prove their identity anytime and anywhere, eliminating barriers to conversion so they can access your services and systems the way you intended
Easily add advanced biometric capabilities to your user flows for account access, recovery, and more. Our systems are designed for rapid deployment across devices and platforms for a consistent user experience
Adjustable matching thresholds allow your organisation to set criteria based on risk-acceptance needs and make on-the-fly changes to balance good friction with security requirements
Trust Stamp’s transformation and comparison technologies significantly minimise data needed to accurately match identifiers. With an added layer of automated verification reducing the need for manual review, you can free up resources and reduce system strain
Set the foundation for a robust identity infrastructure with technology that prioritises privacy and data protection, in a rapidly evolving global compliance landscape
Get in touch with a team member today to learn more