11.11 Configuring Security Questions for Knowledge-Based Authentication

Knowledge-based authentication (KBA) is an authentication method that challenges users to prove their identity through a real-time, interactive question-and-answer process, based on the answers they have previously provided.

The KBA feature provides a rich set of challenge questions, the logic for presenting those challenge questions to users, and validations that control the answers users can provide.

KBA is a secondary authentication feature that is presented to the user after successful primary authentication (for example, entering a user name and password) to enhance security.

KBA provides an infrastructure for:

  • Questions: Lets users select challenge questions and provide answers that are used to challenge them later.
  • Categories: Manages the question categories in the system.
  • Registration Logic: Manages the level of algorithmic logic used when users register challenge questions and answers.
  • Answer Logic: Intelligently detects correct answers during the challenge-response process.
  • Validations: Manages the validation of the answers a user gives at registration time.
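The registration validations, the answer logic and the post-login challenge described in the list above, shown as an added Python illustration (this is not Oracle's code; the question texts, the minimum answer length and the PBKDF2 cost are assumptions):

```python
import hashlib
import hmac
import os
import re
import unicodedata

# Constructed sample questions keyed by id: (category, question text).
# Ids, categories and texts are hypothetical, not the product's question set.
QUESTIONS = {
    "q1": ("Childhood", "What was the name of your first pet?"),
    "q2": ("Places", "In which city were you born?"),
}
PBKDF2_ROUNDS = 100_000  # assumed cost parameter; tune to the platform

def normalize(answer):
    """Answer logic: fold case, accents, punctuation and spacing so that
    minor variations of the registered answer are still accepted."""
    text = unicodedata.normalize("NFKD", answer).encode("ascii", "ignore").decode()
    text = re.sub(r"[^a-z0-9 ]", " ", text.lower())
    return " ".join(text.split())

def validate_registration(question_id, answer, min_len=3):
    """Validations at registration; returns a list of problems (empty = OK)."""
    problems = []
    norm = normalize(answer)
    if len(norm) < min_len:
        problems.append("answer too short")
    question_words = set(normalize(QUESTIONS[question_id][1]).split())
    if norm in question_words:
        problems.append("answer is a word taken from the question itself")
    return problems

def register(question_id, answer):
    """Registration logic: reject weak answers, store only a salted hash."""
    problems = validate_registration(question_id, answer)
    if problems:
        raise ValueError("; ".join(problems))
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", normalize(answer).encode(), salt, PBKDF2_ROUNDS)
    return {"question_id": question_id, "salt": salt, "digest": digest}

def verify(record, answer):
    """Challenge step after primary authentication: constant-time comparison
    of the hash of the normalized response against the stored record."""
    digest = hashlib.pbkdf2_hmac("sha256", normalize(answer).encode(),
                                 record["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(digest, record["digest"])
```

Because only a salted hash of the normalized answer is stored, a leaked record does not reveal the plaintext answer, and `verify` never needs it.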

This chapter introduces you to the key concepts behind KBA. It contains the following topics: