Episode 245: How AI is remaking knowledge-based authentication

In this episode of the Security Ledger podcast, we interview Matt Salisbury of Honey Badger HQ about his anti-fraud startup and how AI and machine learning are breathing new life (and potency) into knowledge-based authentication. If you find it interesting, check out the rest of our Life After the Password series of podcasts.

As always, you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and Spotify. Or, check us out on Google Podcasts, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.


Usernames and passwords have been with us almost as long as computers themselves – at least since the early 1960s, when MIT introduced the Compatible Time-Sharing System (CTSS), an operating system that was the first computer system to implement password login.

60 years in, passwords at a breaking point

Matt Salisbury is the co-founder and CEO of Honey Badger HQ

Six decades later, however, password use has tipped into the absurd. A 2017 study by LastPass of its business users found that the average employee maintained 191 passwords in their account. That means the average 250-person company maintained more than 47,000 passwords. If the data is right, many of the passwords employees use are weak and easily guessed – or used across multiple applications.

The adoption of so-called “two factor” authentication has helped with that problem, but even that technology has its limitations, as the recent hack of ride-sharing firm Uber showed. But the key question for companies and employers remains the same: what is the most reliable and secure way to make sure someone seeking access to our network or applications is who they say they are?

AI juices knowledge-based authentication 

Our guest on this week’s podcast has an answer to that question, and it may not be what you’re expecting. 

Matthew Salisbury is the CEO of the firm Honey Badger HQ, a Menlo Park-based fraud prevention startup that has developed a novel way to do “knowledge-based authentication” to verify account holders. The company’s technology uses machine learning to find derived information about the user and create a custom test based on that information that can quickly and securely verify the user’s identity.

For example, instead of asking the user to enter personal information like their mother’s maiden name or elementary school – the traditional approach to knowledge-based authentication that fraudsters readily gamed – the system harvests information from data points such as geographical details or information in the user’s profile or background. It then creates custom user authentication tests based on that data.

We invited Matt into the studio to talk about Honey Badger’s technology and how AI and machine learning are changing the conversation about what’s possible when it comes to knowledge-based authentication.

You can listen to the podcast using the player (above) or download the MP3 using the button.
