What is KBA?
KBA stands for “Knowledge Based Authentication.” It is an additional layer of security used when you log in to the portal using your username and password.
KBA is similar to a password because you are being prompted to respond with something you know in order to access your account. It is different than a password because it is not a complex string of characters that you have to remember or even write down. KBA is designed to provide additional security without more hassle.
KBA was developed as a way to prevent your account from being accessed by someone other than you even if they somehow obtain your password.
How does KBA work?
When you log in to your account using your username and password for the first time you will be prompted to select your KBA questions and provide the answers. One of the goals of KBA is to allow for secure access to your account and in order to facilitate this you will select fifteen questions which will create your pool of questions that KBA selects from in order to validate your identity.
Every time you log in to AKO using your username and password you will be prompted with three questions from your selected pool with a drop-down box to select the answer from. Your chosen answer will be one of several presented to you which you must select correctly on each question to be granted access to the account.
Note that accessing AKO using your CAC will bypass the KBA requirement.
What happens if I can’t answer my KBA?
You will be prompted to answer your KBA questions three times. If you fail to answer your KBA questions correctly all three times the password on your account will immediately expire. You will still be able to log in to your account using a CAC but if you are unable to do this you will need to reset the password to your account in order to access it.
External sites and KBA
If you are logging in to a non-AKO site using your AKO username and password you will not be prompted with your KBA; only when you log in to AKO will you be prompted with KBA.
Please note that if you have attempted to log in to AKO and have failed your KBA three times this will lock out the access capabilities of your entire account which will also prevent you from accessing external sites.
If you log in to AKO web mail directly and are prompted to answer your KBA questions this is a known error. Please see I AM BEING PROMPTED TO ANSWER MY KBA for more information.
You can always change your KBA questions after logging in to your account. Just open the ‘My Account’ menu and click on ‘KBA Questions’ to start the enrollment process again. You will have to select and answer all fifteen questions again so please make sure you are ready when you enter the re-enrollment process. If you begin and then cancel the re-enrollment process this will count as a failed answer and three failures will expire the password on your account.
If you cannot access your account past your KBA questions or have any trouble logging in please call the AKO Service Desk.