- Single factor security is proof by knowledge and where a user proves his/her identity by use of a pin, a password or something other piece of data/information which should only be known to the user.
- Two factor security involves proof by possession where proof by knowledge is supplemented by something only the user should have (such as a token or a smart card).
- Three factor security involves proof by property where the other factors are supplemented by something particular to the user such as their fingerprint or retinal scan. This approach is known as biometrics.
Whilst the higher factor security levels are theoretically more secure, an organisation should ensure that the controls over the issue of authentication are equally strong.