Authentication Factor

something the user knows
- password
- PIN
- secret question
something the user has
- ATM card
- security badge
- key fob
- browser cookie
- smartphone
something the user is
- biometrics (face, voice, fingerprint, gait)
something about the user's context
- location
- time
- devices in proximity
- recent actions
individually have weaknesses
- knowledge can be copied/transferred/learned or forgotten
- possessions can be stolen/cloned or lost
- biometrics can be easily faked and irreversibly altered
- habits can be guessed or broken
combining them makes them stronger (2fa/mfa)