Authentication is a process used to verify the identity of a user or a system. In the context of information security, there are generally three recognized types of authentication factors, often referred to as the “three factors of authentication.” These are:
Something You Know (Knowledge Factors): This is the most common form of authentication and includes things like passwords, PINs (Personal Identification Numbers), and security questions. The user must know and provide the correct answer or code to gain access.
Something You Have (Possession Factors): This involves something the user physically possesses and can include items like keycards, smartphone apps, USB drives, or tokens. Modern methods might include digital solutions like a one-time password (OTP) generated by an app, or a security token that produces a constantly changing series of codes.
Something You Are (Inherence Factors): This category involves biometric verification, using unique biological traits of an individual to authenticate. Examples include fingerprint scanning, facial recognition, voice recognition, iris scanning, and even heart-rate patterns.
In addition to these three primary factors, there are two more which are sometimes mentioned in broader discussions of authentication:
Somewhere You Are (Location Factors): Authentication can be contingent on being in a specific location, usually determined through GPS or IP address. For example, access might only be granted to users within a certain office building or country.
Something You Do (Behavior Factors): This is a less common form but involves patterns unique to the individual, such as typing rhythm, mouse movements, or walking patterns. It’s often used in conjunction with other factors for continuous authentication.
Using multiple types of authentication in combination, a practice known as multi-factor authentication (MFA), significantly increases security. For instance, a system might require a password (something you know) and a fingerprint scan (something you are), making unauthorized access more difficult.