Definition

possession factor

Contributor(s): Ivy Wigmore

The possession factor, in a security context, is a category of user authentication credentials based on items that the user has with them, typically a hardware device such as a security token or a mobile phone used in conjunction with a software token.

There are three main categories of user authentication factors. In addition to the possession factor (described as “something the user has”), there is the knowledge factor (something the user knows) and the inherence factor (something the user is, typically a biological characteristic captured as biometric  data).  Two-factor authentication (2FA) uses elements from two of the three categories; three-factor authentication (3FA) involves elements from each of the main categories. Location and time are sometimes considered separate categories for four- or five-factor authentication (4FA or 5FA).

Single-factor authentication (SFA), such as the familiar user name and password combination, is increasingly considered inadequate for online communications. User names are easily guessed and most passwords easily cracked. Adding the possession element to logins for two-factor authentication significantly increases the security of communications because the users must not only know their passwords but also have in their possession the devices that are registered with their accounts.

Multifactor authentication (MFA) is becoming increasingly common for mobile authentication, two-factor authentication in particular. Google Authenticator, for example, requires the user to log in to websites as usual and then input a time-based one-time password (TOPT) that is sent to the registered device.

Ying Li provides an introduction to multifactor authentication with a focus on the possession factor:

This was last updated in December 2014

Continue Reading About possession factor

Dig Deeper on Web authentication and access control

PRO+

Content

Find more PRO+ content and other member only offers, here.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close