Definition

authentication factor

Ivy Wigmore

By

Ivy Wigmore

What is an authentication factor?

An authentication factor is a category of credential that is intended to verify, sometimes in combination with other factors, that an entity involved in some kind of communication or requesting access to some system is who, or what, they are declared to be.

Each category of credential is considered a factor. For example, usernames and passwords are the same type of factor, so their combined use is single-factor authentication (SFA), despite the fact that there are two elements involved.

Types of authentication factors

The three categories of authentication factors are generally broken down as:

Knowledge factors. A knowledge factor is something you know, such as a username and password.
Possession factors. A possession factor is something you have, such as a smart card or a security token.
Inherence factors. An inherence factor is something you are. This includes biometric factors such as a fingerprint, voice or iris pattern.

Graphic of various biometric authentication options — Biometric factors range from biometric scans to voice recognition to iris scans.

SFA vs. 2FA vs. 3FA vs. MFA

SFA is based on one category. The most common SFA method is a username and password combination (something you know). The security of SFA relies to some extent on the diligence of users. Best practices for SFA using passwords include selecting strong, unique passwords and not reusing passwords across accounts.

Systems and networks that contain sensitive data should use more than one authentication factor.

Two-factor authentication (2FA) uses two of the three categories. 2FA often includes a username-password combination, in addition to a security token, such as a key fob or smart card, a PIN or biometric, such as a fingerprint scan.

Three-factor authentication (3FA) requires the use of credentials from each of the three categories. An example of 3FA would be entering a PIN (something you know) to unlock your smartphone (something you have) and then supplying an iris scan (something you are) to finalize authentication.

Multifactor authentication (MFA) involves two or more independent credentials for more secure transactions. Like 2FA or 3FA, MFA can involve something you know, something you have and something you are.

Editor's note: This article was originally written by Ivy Wigmore. It was republished in March 2023 to improve the reader experience.

This was last updated in March 2023

Continue Reading About authentication factor

Why it's time to expire mandatory password expiration policies

4 essential identity and access management best practices

How to build an effective IAM architecture

7 reasons identity and access management is important

More on multifactor authentication from NIST

Dig Deeper on Identity and access management

Networking

Cisco makes big splash with Splunk
The integration of Cisco and Splunk could result in a full-stack offering that provides comprehensive visibility across ...
Cut through 5G hype with the latest insights
Network complexity has made 5G difficult for telecom providers to enable, which has delayed global development. These insights ...
Hybrid work drives changes to on-premises networks
Remote and hybrid work are forcing changes to on-premises networks, such as increased bandwidth, upgraded Wi-Fi connectivity and ...

CIO

U.S. government shutdown would crush CHIPS Act momentum
A U.S. government shutdown would significantly impact implementation of the CHIPS and Science Act of 2022 as federal workers ...
6 alternatives to blockchain for businesses to consider
Technologies like cloud storage and distributed databases provide some of blockchain's data-integrity and reliability advantages ...
Why cloud governance is shifting to business stakeholders
Balancing value creation with innovation is a constant challenge for organizations. Here's what to consider when evaluating the ...

Enterprise Desktop

Intel promotes new computing era with AI PC
Intel says its upcoming Core Ultra will help lead personal computing to the AI PC era by making AI processing a mainstream task ...
4 ways that I use generative AI as an analyst
Many use cases for generative AI involve projecting to the future and aren't currently easy to use. However, these four use cases...
How to handle rugged device management in the enterprise
Certain endpoint use cases require ruggedization to ensure devices aren't physically compromised. IT still needs to manage these ...

Cloud Computing

3 rules to avoid high multi-cloud integration costs
When using multiple cloud providers, integration costs can grow quickly. To prevent billing surprises, enterprises must carefully...
Oracle databases in OCI now run on Microsoft Azure
A new partnership between two enterprise technology giants adds Oracle's hardware and software for Microsoft Azure customers, as ...
On-premises data centers play key role in distributed clouds
Enterprise Strategy Group's Scott Sinclair shares survey results on the benefits and challenges of managing distributed clouds. ...

ComputerWeekly.com

Smartphone recycling: UK buyers say let’s go round again
The cost-of-living crisis in the UK shows no sign of abating, and nor does the need for consumers of all products and services to...
How ready does the world need to be for the quantum era?
Great use cases may exist for quantum computing, but no one knows for sure how long they will need to wait for a production-ready...
Peachtree Corners smart city gets traffic management solution into gear
Pioneer US smart city teams with Intelligent Traffic Control for vehicle control system that can be applied to existing ...

Close