Authentication

Proving an identity claim using something you know, have, are, do, or somewhere you are.

The five factor categories are something you know (password, PIN), have (token, smart card), are (biometric), do (behavioral pattern), and somewhere you are (location). Strong authentication combines different categories — two passwords are not MFA, because both are “something you know.” Phishing-resistant factors such as FIDO2/WebAuthn hardware keys are the current gold standard.

Related terms

Authorization
MFA

Back to General Security Concepts