An organization is implementing multifactor authentication for remote VPN users. The security team wants to add a possession-based factor that forces users to insert a company-issued smart card or tap a hardware security token before they can log in. Which factor category meets this requirement?
This requirement aligns with the possession factor, commonly described as "something you have," because it requires the user to present a physical object-such as a smart card, USB security key, or one-time-password token-that is under their control. Knowledge factors (something you know) rely on memorized secrets, inherence factors (something you are) use biometrics, and location factors (somewhere you are) depend on geographic or network attributes, none of which satisfy the need for a physical item.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are examples of 'something you have' authentication factors?
Open an interactive chat with Bash
How does 'something you have' differ from 'something you know' as an authentication factor?
Open an interactive chat with Bash
Why is 'something you have' considered secure as part of multifactor authentication?