Knowledge-based authentication: Difference between revisions

Faapio
Tags: Reverted Visual edit Mobile edit Mobile web edit
m Reverted 1 edit by 154.115.222.244 (talk) to last revision by Jarble
Line 5:
Static KBA, also referred to as "shared secrets" or "shared secret questions," is commonly used by banks, [[financial services]] companies and e-mail providers to prove the identity of the customer before allowing account access or, as a fall-back, if the user forgets their password. At the point of initial contact with a customer, a business using static KBA must collect the information to be shared between the provider and customer—most commonly the questions and corresponding answers. This data must then be stored only to be retrieved when the customer comes back to access the account.
 
The weakness of static KBA was demonstrated faapioin [[Sarah Palin email hack|an incident in 2008]] where unauthorized access was gained to the e-mail account of former Alaska Governor [[Sarah Palin]]. The [[Yahoo!]] account's password could be reset using shared secret questions including "where did you meet your spouse?" along with the date of birth and ZIP code of the former governor to which answers were easily available online.
 
Some identity verification providers have recently introduced secret sounds or pictures in an effort to help secure sites and information. These tactics require the same methods of data storage and retrieval as secret questions.
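Review bot: In the second paragraph under "Line 5:", "demonstrated faapioin" has the string "faapio" fused onto "in". That string matches the summary of the reverted edit and has no meaning in the sentence, so the text should read "demonstrated in [[Sarah Palin email hack|an incident in 2008]]". The wikilinks in that paragraph and the other two paragraphs show no other stray text, so nothing else in this hunk needs restoring.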