Post by account_disabled on Feb 27, 2024 1:05:13 GMT -5
Browse by topics What is KBA? What are the main types of KBA? What are the applications of KBA? Is KBA safe? Why use facial recognition instead of KBA? Do you know what KBA is and why its use is not appropriate? Recently, data security has been a priority among companies, regardless of their niche. Due to the LGPD, General Data Protection Law, any failure can trigger fines for the business, in addition to being a risk to the organization's credibility. In this sense, there is a need to look for alternatives that provide lower risks for your audience, since passwords alone are not always efficient in preventing attacks. The KBA, in a scenario like this, becomes one of the alternatives for the business, but it is not the best solution. In this material, we explain a little more about the topic, in addition to highlighting which other methods should be preferred instead of KBA. Continue reading and find out more! What is KBA? KBA, short for knowledge-based authentication, is an authentication process that helps bring more security to a website, application, among other channels that require confirmation of the user's identity. Surely, you have already come across some “secret questions” on social networks or other platforms. “What is the name of your first pet?”, “What is the name of your first teacher?”, “What is your favorite food?”, are just some of the options that need to be answered for the user. This response is requested when the person needs to enter the channel or even when they forget their password and need to recover it. This is a step whose objective is to provide “security”. However, if even passwords with different characters and symbols alone are not secure, let alone a question that carries the risk of anyone else knowing the answer, right? Although the KBA has some criteria, such as the need to have only one correct answer that is easily remembered by the user, it is important that the institution looks for other alternatives that “make life difficult” for attackers.
What are the main types of KBA? There are two types of KBA: static and Poland WhatsApp Number dynamic. Below, we explain more about them. Look! static KBA In the case of static KBA, as the name suggests, it only requires one response. It won't change. To do this, the company needs to request feedback from the user before registering on the website. Very similar to the examples we presented above: the customer answers the question in question and, whenever necessary, the channel will ask him to fill it in correctly. Dynamic KBA In the case of dynamic KBA, there will be no type of prior consultation by the company. That is, the customer will not answer questions so that they will be asked in the future what the correct answer is. But how is this done then? The questions asked are taken from the customer's own database, whether public or private. Also very common among companies, and can be carried out in different ways. There is the opportunity, for example, to present in multiple choice, such as the following topic: “What is your mother's first name? Maria Joana Tereza Clara” However, in this case, the ideal is for more than one question to be asked. Therefore, anyone who doesn't know the answer is unlikely to get it right more often. In other words, the person will have no idea what they need to answer.
What are the applications of KBA? Some of the main applications of KBA are as follows: If the customer has forgotten their password combinations, they must answer the previously requested question (or a dynamic question) so that they can continue with the recovery process; for financial institutions, the KBA can be requested whenever a financial transaction needs to be carried out; If the person wishes to make any registration changes that could compromise access in the future, a second authentication may also be required for continuity; In call centers, this type of process may also be required so that the customer service team is aware that they are the person they say they are in contact with, among others. Is KBA safe? We have already provided the answer in this material, but it doesn't hurt to reinforce: no, KBA is not safe. Information present on social networks People who carry out attacks and fraud have experience in this type of authentication. In this sense, there is the possibility of it having access to all of the user's social networks, collecting some important information, normally provided by the person themselves. The name of the first pet, first teacher, date of birth of someone in the family, mother's name... everything is easily found on any channel, since there is a habit of publicizing different celebrations, get-togethers and remembering special moments in life. Therefore, a hacker will not try to enter the person's account “in the dark”. On the contrary. He will only proceed with the scam when he has already studied your information and has important data to be able to complete the cybercrime. Obtain data illegally In recent years, we have seen some leaks from large companies, including Facebook.