Knowledge Based Authentication for digital signatures – what is it and how does MyDocSafe deal with it

mydocsafe customer portals

There are two commonly used definitions of Knowledge Based Authentication:

  1. Knowledge-based authentication (KBA) is a security measure that identifies end users by asking them specific questions in order to provide accurate authorisation for online or digital activities. Knowledge-based authentication has become prevalent in many different types of network setups and across the Internet.  Companies often ask users to answer these questions in order to gain access to personal, password-protected areas of a site.
  2. Knowledge-based authentication (KBA) is specifically requested by IRS for Form 8879.  It involves an outside credit agency that verifies the identity of the individual signing by
    1. searching public records and
    2. asking questions, often auto-generated, that are based on those records (for example “what car did you buy last year” or “what was your previous address”).

MyDocSafe now offers the first type of KBA.  When sending a document for digital signature the sender can request a second factor authentication.  The KBA option comes as a one-time password that is sent to them also by email (ideally to a separate address).

We currently do offer the second type of KBA for enterprise clients only (using third party services).  Other types of second factor authentication we offer include SMS code verification.  The code is sent to the mobile phone and thus proves mobile phone ownership.   Finally we offer ID verification using third party providers.  The latter service involves taking a selfie and a scan of an ID document together with recording a short movie which proves ‘liveness’.

Please contact us if you require more information.