A company is implementing multifactor authentication for their VPN access. Which of the following would be considered the BEST 'something you have' factor?
A smartphone with a biometric lock.
A security token generating one-time codes.
An SMS text message sent to the user's phone.
A password written down on a piece of paper.