As organizations begin to evaluate newer, more sophisticated technologies to combat identity theft, there seems to be confusion about whether knowledge based authentication (KBA) is still relevant and effective. Should it be ditched in favor of voice biometrics or other, newer technologies? While some are saying that KBA’s day is over, I believe otherwise.

The truth is that it’s not a one-or-the-other kind of decision. KBA still plays critical role in identity management…the key is how and where to apply it.

KBA is most effective when it supports the organization’s upfront identity proofing process when you first interact with a new customer. Establishing this authentication process during on boarding ensures that the customers setting up other types of strong authentication, such as voice prints or one-time passwords are indeed who they say they are. Think about it: If I called you on the phone right now to introduce myself, how could you be certain it was really me? You couldn’t unless I demonstrated that I know things you expect me to know. This idea was touched on in Kim Little’s recent post, “Authorized Users…in Name Only?”. Here more for Knowledge-Based Authentication