Overview
Knowledge-Based Authentication (KBA) is an Authentication Method and an Authentication Factor.
Static Knowledge-Based Authentication
Static Knowledge-Based Authentication, or Identity questions, are nothing more than Shared Secrets and have been deprecated by NIST.SP.800-63B.
Dynamic Knowledge-Based Authentication
Dynamic Knowledge-Based Authentication provides a higher Level Of Assurance that uses knowledge questions to verify each Digital Identity, but does not require the person to have provided the questions and answers beforehand.
Dynamic Knowledge-Based Authentication questions are compiled from public and private data such as marketing data, credit reports, or transaction history.
To initiate the process, basic identification factors, such as name, address, and date of birth, must be provided by the consumer and checked with a Verifier. After the Identity Proofing, questions are generated in real time from the data records corresponding to the Digital Identity provided. Typically the knowledge needed to answer the questions is not available in a person's wallet (some companies call them "out-of-wallet questions"), making it difficult for anyone other than the actual Person to know the answer and obtain access to secured information. Generally the period of time the person is given to respond to questions and the number of attempts are both limited to prevent answers from being researched.
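The time and attempt limits described above can be enforced in the session object itself. The following is an added sketch, not code from any KBA product: the names `KBASession` and `start_session`, the 60-second window, the two-attempt limit, and the sample records are all assumptions made for illustration.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

# Constructed sample records standing in for the data a Verifier would hold.
SAMPLE_RECORDS = {
    "Which street did you live on in 2015?": "Maple Street",
    "Which lender holds your auto loan?": "Example Credit Union",
}

def _norm(text):
    """Case-fold and collapse whitespace so formatting does not fail an answer."""
    return " ".join(text.casefold().split())

@dataclass
class KBASession:
    questions: dict       # question -> expected answer, taken from the records
    deadline: float       # monotonic timestamp after which the session is dead
    attempts_left: int
    closed: bool = False

    def verify(self, answers, now=None):
        now = time.monotonic() if now is None else now
        if self.closed:
            return "closed"
        if now > self.deadline:          # too slow: answers may have been researched
            self.closed = True
            return "expired"
        self.attempts_left -= 1
        ok = True
        for question, expected in self.questions.items():
            given = _norm(answers.get(question, "")).encode()
            # Constant-time compare; check every answer, no early exit.
            ok &= hmac.compare_digest(given, _norm(expected).encode())
        if ok or self.attempts_left <= 0:
            self.closed = True           # one-shot: success or lockout ends it
            return "verified" if ok else "locked"
        return "retry"

def start_session(records, n_questions=2, window_s=60.0, max_attempts=2, now=None):
    """Pick questions at random from the records and start the clock."""
    now = time.monotonic() if now is None else now
    rng = secrets.SystemRandom()
    picked = rng.sample(sorted(records), k=min(n_questions, len(records)))
    return KBASession({q: records[q] for q in picked}, now + window_s, max_attempts)
```

Once a session returns "verified", "locked" or "expired" it stays closed, so a late correct answer cannot reopen it.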
Dynamic Knowledge-Based Authentication is employed in several different industries to verify the identities of customers as a means of fraud prevention and compliance adherence. Because Dynamic Knowledge-Based Authentication is not based on an existing relationship with a consumer, it gives businesses a way to have a higher Identity Assurance Level on the Digital Identity during Credential Enrollment or in a Password Recovery condition.