An authentication factor is a distinct piece of evidence used to verify the identity of a user or system attempting to access a digital resource. Within cybersecurity and Identity & Access Management (IAM), authentication factors serve as critical security controls that validate claimed identities before granting access to sensitive data, applications, or network infrastructure.

Authentication factors are categorized into three primary types: knowledge factors (something you know, such as passwords or PINs), possession factors (something you have, like security tokens or mobile devices), and inherence factors (something you are, including fingerprints or facial recognition). Combining multiple factor types through multi-factor authentication (MFA) significantly strengthens security by ensuring that compromise of a single factor alone cannot grant unauthorized access to protected systems.