Authentication factor
An authentication factor is a distinct category of evidence used to verify the identity of a user or system requesting access to a digital resource. In cybersecurity and Identity & Access Management (IAM), authentication factors serve as critical security controls that validate an asserted identity before granting authorization to sensitive data, applications, or network infrastructure. These factors are classified into three primary types: knowledge factors (something you know, such as a password or PIN), possession factors (something you have, such as a security token or mobile device), and inherence factors (something you are, such as a fingerprint or facial recognition).
The strategic combination of multiple authentication factors, known as multi-factor authentication (MFA), significantly strengthens security by creating layered defenses. If one factor is compromised — for example, a stolen password — additional factors act as barriers against unauthorized access. This layered approach substantially reduces the attack surface and protects digital assets against credential theft, phishing, and other sophisticated threats, making it a foundational best practice in modern security architectures.
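The check below is an added example, not code from the original page: it grants access only when the presented evidence verifies in at least two distinct factor categories, so a stolen password alone, or a password plus a PIN (both knowledge factors), is rejected. The enrollment record, the secrets, the PBKDF2 work factor, and the choice of an RFC 6238 TOTP code as the possession factor are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

ROUNDS = 100_000  # assumed PBKDF2 work factor for this example
SALT = b"constructed-salt"  # constructed; use a random per-user salt in practice

def hash_secret(secret: str, salt: bytes = SALT) -> bytes:
    """Slow salted hash, so the stored verifier is not the secret itself."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ROUNDS)

def totp(key: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step that contains `now`."""
    counter = struct.pack(">Q", int(now // step))
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

# Constructed enrollment record: authenticator name -> (factor category, verifier)
USER = {
    "password": ("knowledge", hash_secret("correct horse battery")),
    "pin": ("knowledge", hash_secret("4921")),
    "totp": ("possession", b"12345678901234567890"),  # RFC 6238 test key
}

def verified_categories(evidence: dict, now: float) -> set:
    """Return the factor categories whose presented evidence verifies."""
    categories = set()
    for name, value in evidence.items():
        if name not in USER:
            continue
        category, stored = USER[name]
        if name == "totp":
            # Assumption: accept the current and previous step for clock drift.
            ok = any(hmac.compare_digest(totp(stored, now - d).encode(),
                                         value.encode()) for d in (0, 30))
        else:
            ok = hmac.compare_digest(hash_secret(value), stored)
        if ok:
            categories.add(category)
    return categories

def login(evidence: dict, now: float, required: int = 2) -> bool:
    """Grant access only when `required` distinct categories verify."""
    return len(verified_categories(evidence, now)) >= required
```

Counting categories rather than authenticators is what makes the second factor an independent barrier: adding another secret of the same kind does not raise the count.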