Disclosed are various embodiments for managing security credentials. In one embodiment, knowledge-based questions are selected in response to failing to receive a valid master security credential in a request to authenticate a user account for access to account data. In response to receiving the request, the plurality of knowledge-based questions are provided to an application. Answers to the knowledge-based questions are received and scored. Access is granted to establish a new master security credential based at least in part on the score meeting or exceeding a predetermined threshold.