What is knowledge-based authentication (KBA)?
Knowledge-based authentication is an identity-proofing method that verifies a person by asking questions only the real individual should be able to answer. Florida’s online-notarization statute, § 117.201, Florida Statutes, defines KBA as “a form of identity proofing based on a set of questions which pertain to an individual and are formulated from public or proprietary data sources.”
Those questions are generated dynamically from public or proprietary records tied to the person — a prior street address, a former vehicle, a lender you once used — rather than security questions the signer picked in advance. That distinction is what gives KBA its strength: the answers aren’t something a fraudster can reset, phish, or guess, because they’re pulled fresh from data the impostor never had access to. The National Notary Association’s guide to identifying signers for remote online notarization gives a typical example: a signer “might be asked to identify among 5 choices their mortgage balance at the end of last month or an address where they have lived in the past.”
KBA is one species of a broader category the same Florida statute calls identity proofing: “a process or service in compliance with applicable law in which a third party affirms the identity of an individual through use of public or proprietary data sources, which may include by means of knowledge-based authentication or biometric verification.” In other words, KBA is the most common way online notarization proves identity, but the law leaves room for other conforming methods, too.
Why online notarization relies on KBA
In a traditional, in-person notarization, the notary confirms identity face to face and can physically inspect the ID. In remote online notarization (RON), the signer instead appears on live video — so the standards call for more than one method of verification to close the gap that physical presence would otherwise fill.
The National Association of Secretaries of State (NASS) adopted Remote Online Notarization Standards in 2018 that require multiple means of verifying the signer’s identity — “e.g. Knowledge Based Authentication and credential analysis” — along with “measures to ensure the security and privacy of the audio-video communication.” Individual states then codify that principle. Florida law, for example, requires that before an online notarization proceeds, the notary confirm identity through all of the following: remote presentation of a government-issued ID, credential analysis of that ID, and identity proofing in the form of KBA (or another conforming method). KBA is one pillar of that layered approach, never the whole structure.
The practice has spread fast. Virginia pioneered remote e-notarization in 2011, Montana followed in 2015, and Nevada and Texas joined in 2017; NASS reports that 47 states and the District of Columbia now have a law that allows for remote e-notarization. Notary commissioning law remains per-state, but the documents themselves travel: a RON document is legally valid in all 50 states for the consumer service, backed by the federal ESIGN Act’s rule that an electronic signature or record may not be denied legal effect solely because it is in electronic form (15 U.S.C. § 7001).
Dynamic KBA vs. static security questions
Dynamic KBA is not the “What was your first pet’s name?” question you answered when you opened a bank account. Those are static security questions: chosen in advance, stored by the institution, and reusable by anyone who learns or resets them.
Dynamic KBA works differently on every axis that matters for fraud:
- Source. Static answers come from the user; dynamic questions are formulated from public or proprietary data sources the signer never submitted.
- Freshness. Static answers sit unchanged for years; dynamic questions are generated at the moment of the session, and no two signers see the same quiz.
- Resettability. A static question can be reset through a customer-service channel; a dynamic quiz has nothing to reset — the underlying records are the answer key.
- Time pressure. Dynamic KBA is timed, which blunts an impostor’s ability to research answers mid-quiz.
When state notary law says “knowledge-based authentication,” it means the dynamic kind. The Texas Secretary of State’s identity-proofing guidance is explicit that identity proofing is done “through a third party who uses dynamic knowledge based authentication (KBA).”
Where KBA fits in the RON identity stack
RON doesn’t depend on any single check. It combines several complementary layers, each catching what the others might miss:
| Layer | What it verifies | How it works |
|---|---|---|
| Knowledge-based authentication | What the signer knows | Dynamic quiz generated from public/proprietary records |
| Credential analysis | That the government ID is authentic | Automated check of the credential’s security features |
| Remote presentation | That the notary can see the ID | The signer transmits an image of the credential clear enough for identification |
| Live audio-video comparison | That the person matches the ID | Notary visually compares the signer on live video to the credential |
The layers answer different questions — something you know, something you have, and whether the human on camera is the same person. Florida’s statute defines each precisely: remote presentation is the “transmission of an image of a government-issued identification credential that is of sufficient quality” for identification, and credential analysis is a process “in which a third party aids a notary public in affirming the validity of a government-issued identification credential.” Read more about that document check in our explainer on how the ID document itself is verified, and about how the whole session is preserved in our guide to the notarization’s tamper-evident record.
What to expect during the KBA quiz
The KBA step is short, and it happens before the notary begins the notarial act. A typical flow looks like this:
- You enter identifying information to start the identity-proofing step. Proof’s help center, for example, asks for your name, address, date of birth, and the last four digits of your Social Security number, used only to generate the questions.
- The system generates a set of multiple-choice questions from public or proprietary records — past addresses, vehicles, loans, people associated with your address — not questions you chose in advance.
- You answer within the allotted time. The quiz is timed, the questions appear one at a time, and each has several answer choices.
- Passing confirms this layer, and the session continues to credential analysis and the live video verification.
Have your ID handy and answer from memory rather than research — the time limit is part of the security design. On the Proof platform, for instance, signers get “2 minutes to answer 4 out of 5 challenge questions correctly,” and the vendor notes that roughly six months of credit history is generally needed for the system to build a quiz at all.
KBA rules by state: question counts, scores, and time limits
No single federal rule sets the KBA quiz format. Each state that regulates RON sets (or delegates) its own parameters, and platforms configure their vendors to meet them. Here is how three verified reference points compare:
| Jurisdiction / platform | Passing standard | Time limit | Retake policy |
|---|---|---|---|
| Texas (Secretary of State guidance) | At least 80% of questions correct | Not specified in SoS guidance | One retake within 24 hours; after a second failure, no retry with the same notary for at least 24 hours |
| Utah (UAC R623-100-5, per NNA) | At least 4 of 5 questions (80%), each with at least 5 answer choices | Under 2 minutes | Two retakes within 48 hours; each retake must replace 2 of the 5 questions; after a failed second retake, the notary must not perform the RON |
| Proof (platform policy) | 4 of 5 questions correct | 2 minutes | Immediate retake after the first failure; 24-hour wait after the second; 48-hour lockout after the third |
Two patterns stand out. First, the five-question, 80%, two-minute format recurs across rules and platforms — it has become the de facto industry configuration. Second, every framework converges on the same endpoint: repeated failure stops the notarization rather than lowering the bar. The exact number of questions, passing score, and time limit in any given session depend on your state’s law and the platform’s identity vendor, so treat the table as verified reference points, not a universal rule.
What happens if you fail KBA
Failing KBA doesn’t flag you as a criminal — it simply means the system could not confirm, to the standard the law demands, that you are who you claim to be. Because identity verification is mandatory, the notarization stops there. Florida’s procedures statute is explicit: if the notary is unable to satisfy the identity-proofing requirements, “or if the databases consulted for identity proofing do not contain sufficient information to permit authentication, the online notary public may not perform the online notarization.”
Legitimate signers fail KBA more often than you might expect, and usually for mundane reasons:
- A recent move — public records haven’t caught up with your current address.
- A name change — marriage, divorce, or a legal name change creates record mismatches.
- A thin file — younger adults or people with limited credit history may not generate enough questions; Proof notes that some signers with valid Social Security numbers simply lack sufficient records “to generate the minimum number of required verification questions.”
- Stale questions — quizzes can draw on old records you genuinely don’t remember.
- The clock — rushing, or running out of time, counts against you like a wrong answer.
That is the point of the check, not a flaw in it. The whole purpose is to stop someone holding a stolen or synthetic ID from impersonating the real signer — which is why the retake windows in the table above are deliberately narrow.
How to pass KBA on the first try
A few minutes of preparation removes most avoidable failures:
- Use your full legal name exactly as it appears on your government-issued ID — a nickname or missing suffix can derail record matching.
- Enter your details carefully. Most first-attempt failures trace to a typo in the name, date of birth, address, or SSN digits, not to wrong quiz answers.
- If you recently moved or changed your name, try your former address or former name — the records behind the quiz may still reflect them.
- Answer from memory, quickly and carefully. The quiz is timed; read each question fully, but don’t stop to look anything up.
- Do it in a quiet spot on a reliable connection, so a dropped page doesn’t burn an attempt.
KBA edge cases: no SSN, thin files, and signing from abroad
KBA assumes a U.S. data footprint, and the law and platforms have built workarounds for signers who don’t fit that mold.
No Social Security number. Proof’s help center states its platform “can accept either a U.S. Social Security number or an individual tax identification number” (ITIN) for KBA — provided the identifier is tied to enough records, such as credit history or vehicle registration, to generate questions.
Signing from outside the United States. Florida law expressly permits it: an online notary physically located in Florida may perform an online notarization “regardless of whether the principal or any witnesses are physically located in this state.” For a principal not located within the United States, § 117.201 allows “a passport issued by a foreign government not including the stamp of the United States Bureau of Citizenship and Immigration Services” to serve as the government-issued identification credential — and § 117.265 requires the notary to confirm, verbally or in writing, that an out-of-state principal wants the act performed by a Florida notary under Florida law.
Thin or unmatchable files. When the databases simply can’t produce a quiz, the session cannot proceed on KBA alone. Depending on the state, an alternative identity-proofing method, a different platform, or an in-person notarization may be the practical fallback.
Who provides KBA — and can the notary run it?
A third party runs the KBA check — not the notary, and not the signer’s bank. The Texas Secretary of State answers the question directly: “Both Chapter 406 of the Government Code and Chapter 87 of the secretary of state administrative rules require a third party to provide both the identity proofing and credential analysis procedures.” Florida’s definitions carry the same structure — identity proofing is a process “in which a third party affirms the identity of an individual.”
That separation is deliberate. The notary holds the commission and makes the final judgment; the identity vendor holds the data and generates the quiz. Neither can shortcut the other. Texas adds a practical note for anyone vetting providers: the Secretary of State keeps no approved-provider list, so a provider should be able to show it satisfies Chapter 87, Subchapter H of the Texas Administrative Code on its own evidence.
KBA keeps a human notary in the loop
A common misconception is that KBA “automates away” the notary. It doesn’t. The automated layers feed the notary; they don’t replace the notary’s judgment. Texas rules, for example, require the third-party provider to hand the notary the output of the credential check and “enable the notary to visually compare the credential used during credential analysis with the principal who has personally appeared before the notary via audio-visual transmission.” The signer still appears on live video, and the notary still makes the final call before performing the act — whether the signer acknowledges signing (an acknowledgment) or swears the contents are true and signs in front of the notary (a jurat).
When KBA isn’t required: personal knowledge and other paths
KBA is the default path, not the only one. Florida’s § 117.265(4) lets an online notary confirm identity by “personal knowledge of each principal” — no quiz, no credential analysis — because a notary who already knows the signer has nothing left to prove. The National Notary Association reports that nearly every state’s RON framework allows personal knowledge as an identification method, and that most states also permit a credible identifying witness to vouch for the signer.
Florida’s identity-proofing definition also leaves the door open to “biometric verification” and other conforming methods, so as vendors and rules evolve, some platforms may satisfy the identity-proofing requirement without a quiz at all. For now, if you booked an online notarization with a notary who doesn’t personally know you, expect KBA.
KBA and your online notarization
KBA is one reason a properly run online notarization can be as trustworthy as an in-person one: the identity checks are layered, standards-based, and recorded. On USA Notary, an online notarization costs $25 per document, the signer appears on live video, and identity is confirmed through this same stack of checks before the notary proceeds. To see how those layers fit together end to end, read how online notarization stays secure, or walk through the full remote session step by step.