Cybersecurity Reference > Glossary
An Identity Factor is one of several general categories of identity signals that can be used to validate a user's identity.
The three identity factors used by security professions are: (1) things that only the correct user knows, such as a password; (2) things that only the correct user has, such as a particular mobile phone; and (3) things that only the correct user embodies, such as a fingerprint.
Login workflows that ask only for a username-password pair are said to be single-factor authentication workflows. To achieve more secure two-factor authentication (2FA) or multi-factor authentication (MFA) decisions, organizations must seek at login not only something known, like a username-password pair, but also something possessed and/or something embodied.