The knowledge factor, in a security context, is a category of authentication credentials consisting of information that the user knows, such as a personal identification number (PIN), a user name, a password or the answer to a secret question.
The knowledge factor is the most common category of credentials used for authentication. The other two common categories of authentication factors are the possession factor (something that the user has, such as a smartphone) and the inherence factor (something the user is, usually biometric characteristics, such as a fingerprint).
The typical user name and password authentication process is an example of single-factor authentication (SFA): Although there are two separate pieces of information that the user must produce, they both belong to the same authentication factor category.
The user’s ability to produce the relevant information serves as proof of identity, which is linked to authorization to interact with some system. The reliability of that proof is enhanced by multifactor authentication (MFA), in which the user must provide elements of at least two factors. Two-factor authentication (2FA) for smartphones, for example, typically involves the knowledge and possession factors: a user PIN followed by proof of possession of the device registered with the user account.
Three-factor authentication (3FA) involves factors from all three main categories. Four-factor authentication (4FA) adds the factor of user location, and five-factor authentication adds the factor of time.