# Authentication Factor

- something the user knows
  - password
  - PIN
  - secret question
- something the user has
  - ATM card
  - security badge
  - key fob
  - browser cookie
  - smartphone
- something the user is
  - biometrics (face, voice, fingerprint, gait)
- something about the user's context
  - location
  - time
  - devices in proximity
  - recent actions
- individually have weaknesses
  - knowledge can be copied/transferred/learned or forgotten
  - possessions can be stolen/cloned or lost
  - biometrics can be easily faked and irreversibly altered
  - habits can be guessed or broken
- combining them makes them stronger (2fa/mfa)