An authentication factor is any type of credential used for identity verification. The three most common categories are considered as:
- Something the user knows (knowledge factor), such as the password, ID, PIN or an answer to a personal question, defined during the registration process.
- Something the user has (possession factor), like a token or a one-time password.
- Something the user is (inherence or biometric factor), for example, a physical evidence as a fingerprint or facial recognition.
Each authentication system uses the factors that it considers most appropriate to verify its users.