possession factor

The possession factor, in a security context, is a category of user authentication credentials based on items that the user has with them, typically a hardware device such as a security token or a mobile phone used in conjunction with a software token.

Download this free guide

5 Ways to Prevent Ransomware: Download Now

Ransomware attacks are not only becoming more common, they're becoming more creative. In this guide, industry expert Kevin Beaver uncovers 5 ways to prevent a ransomware infection through network security.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

There are three main categories of user authentication factors. In addition to the possession factor (described as “something the user has”), there is the knowledge factor (something the user knows) and the inherence factor (something the user is, typically a biological characteristic captured as biometric  data).  Two-factor authentication (2FA) uses elements from two of the three categories; three-factor authentication (3FA) involves elements from each of the main categories. Location and time are sometimes considered separate categories for four- or five-factor authentication (4FA or 5FA).

Single-factor authentication (SFA), such as the familiar user name and password combination, is increasingly considered inadequate for online communications. User names are easily guessed and most passwords easily cracked. Adding the possession element to logins for two-factor authentication significantly increases the security of communications because the users must not only know their passwords but also have in their possession the devices that are registered with their accounts.

Multifactor authentication (MFA) is becoming increasingly common for mobile authentication, two-factor authentication in particular. Google Authenticator, for example, requires the user to log in to websites as usual and then input a time-based one-time password (TOPT) that is sent to the registered device.

Ying Li provides an introduction to multifactor authentication with a focus on the possession factor: