> [!Warning] > This article is a work in progress! The three types of authentication factors are something you know (knowledge factor), something you have (possession factor), and something you are (inherence factor). Every authenticator has one or more authentication factors.^[[Authentication Factor - Glossary | CSRC (nist.gov)](https://csrc.nist.gov/glossary/term/authentication_factor)] # Knowledge Factor # Possession Factor The possession factor, in a security context, is a category of user authentication credentials based on items that the user has with them, typically a hardware device such as a security token or a mobile phone used in conjunction with a software token.^[[What is possession factor? | Definition from TechTarget](https://www.techtarget.com/searchsecurity/definition/possession-factor)] # Inherence Factor