Knowledge-based Authentication Is Not Enough

Feb 02, 2009

Every day, millions of consumers log in to financial institutions, brokerage accounts, trading platforms and other web sites using Knowledge-Based Authentication (KBA) solutions. Typically these solutions ask users to respond to questions selected by the user during the web site's initial enrollment process.

The assumption is that only that particular user knows the correct answers to these common questions. But the reality is that these solutions tend to create user confusion and do little to protect a user's online identity from common fraud attacks.

In an effort to make these knowledge-based systems more secure, Web applications are implementing challenge questions that make the systems less user-friendly, eroding what was formerly one of their biggest advantages, while simultaneously failing to increase system security.

This white paper discusses the challenges associated with these types of solutions and the types of attacks easily mounted against KBA systems.


