If you've shopped for e-signature software as a tax preparer, you've run into the term "KBA." It comes up specifically around Form 8879, and it confuses a lot of people because it's a requirement most other industries never deal with. Here's what KBA actually is, why it matters for tax, and how it compares to the newer alternative.
KBA, Defined
Knowledge-Based Authentication (KBA) is a method of verifying someone's identity by asking questions that, in theory, only that person can answer. In the context of tax e-signing, these are "out-of-wallet" questions — details pulled from public records and credit history rather than information sitting in the person's wallet or that a stranger could easily look up.
Typical KBA questions look like: "Which of these streets have you lived on?" or "Which of these lenders holds a loan in your name?" The signer picks from multiple choice answers, and a passing score confirms their identity.
Why KBA Matters for Form 8879
Most documents don't require identity verification to e-sign — you click, you sign, done. Form 8879 is different. Because it authorizes electronic filing of a tax return, the IRS requires that when a taxpayer signs it remotely (not in the preparer's physical presence), their identity is verified through an approved method. KBA has historically been the go-to method, which is why tax e-signature tools advertise it and general-purpose tools often require a KBA add-on to be used for 8879.
How the KBA Process Works
- The preparer sends the 8879 for signature.
- Before the document opens, the signer is presented with a short set of identity questions generated from third-party records.
- The signer answers; a passing score unlocks the document to sign.
- If they fail, they typically get a limited number of additional attempts before being locked out.
The Limitations of KBA
KBA works, but it has real weaknesses that frustrate both preparers and clients:
- Legitimate clients fail it. When public-records data is thin, outdated, or simply wrong, the right person can fail the quiz — common with young taxpayers, recent movers, or people with limited credit history.
- Data breaches have eroded it. So much "out-of-wallet" information has been exposed in breaches that the security premise is weaker than it once was.
- It can stall the engagement. A locked-out client means a phone call, a workaround, and a delay right at the finish line.
The Alternative: Document + Selfie (IAL2)
A newer IRS-accepted method verifies identity differently: the taxpayer photographs a government-issued photo ID and takes a live selfie, which is matched to the ID. When performed by a provider meeting NIST Identity Assurance Level 2 (IAL2), this satisfies the remote 8879 identity-verification requirement — and it tends to be more reliable for the signer, since it doesn't depend on whether public records happen to have good data about them.
Both methods are valid. The practical trade-off: KBA is a quick quiz with a real failure rate; document + selfie takes a minute longer but rarely locks out a legitimate signer. We cover the full set of rules in our guide to e-signing Form 8879 remotely.
What This Means When Choosing Software
When you evaluate an e-signature tool for your practice, the question isn't just "does it do KBA?" — it's "which verification method does it use, how reliable is it for my clients, and what does it cost per return?" Some tax platforms build verified signing in at no per-return charge; general-purpose e-signature tools usually charge extra for the identity-verification step. See how the options compare in our best e-signature software for tax preparers guide.
The Short Version
KBA is the question-quiz method of confirming a taxpayer's identity before they remotely sign Form 8879. It's IRS-accepted and widely used, but it has a meaningful failure rate. Document + selfie verification at IAL2 is the modern alternative that solves most of KBA's frustration while meeting the same requirement.