An authentication factor is a category of credential that is intended to verify, sometimes in combination with other factors, that an entity involved in some kind of communication or requesting access to some system is who, or what, they are declared to be.
Each category is considered a factor. For example, user names and passwords are both the same type of factor, so their combined use is single-factor authentication (SFA), despite the fact that there are two elements involved.
Types of authentication factors:
There are three categories of authentication factors. These are generally broken down as:
- Knowledge factors: A knowledge factor is something you know, such as a user name and password.
- Possession factors: A possession factor is something you have, such as a smart card or a security token.
- Inherence factors: An inherence factor is something you are, an inherent biometric characteristic such as a fingerprint, voice or iris pattern.
Single-factor authentication is based on only one category. The most common SFA method is a user name and password combination (something you know), although biometric authentication is becoming more common. The security of SFA relies to some extent upon the diligence of users. Best practices for SFA include selecting strong passwords and refraining from automatic or social logins. Nevertheless, for any system or network that contains sensitive data, it's important to add additional authentication factors. Multifactor authentication (MFA) involves two or more independent credentials for more secure transactions.
Two-factor authentication uses any two the three categories. Examples include using a security token, such as a key fob or smart card, in conjunction with a PIN (personal identification number) or swiping a card before scanning your fingerprint.
Three-factor authentication requires the use of credentials from each of the three categories. One example would be entering a PIN (something you know) to unlock your smartphone (something you have) and then supplying an iris scan to finalize authentication.
Read an expert overview of the top multifactor authentication products on the market.