What Are the 4 Types of Authentication?

The four types of authentication claimed by cyber security vendors are:

  1. Something you know – like a password.
  2. Something you have – like a smart card to enter a building.
  3. Something you are – like a fingerprint.
  4. Something you do – like typing speed or location.

Traditionally cyber security has thought of only 3 authentication factors. Something that you know, you have, or you are. But as vendors have tried to find new ways of measuring "something you are" they have started to measure behaviour. Specifically how people use a mobile phone or computer.

This means that strong authentication can be used on more devices. It removes the need for fingerprint scanners or cameras for facial recognition. And allows more people to access to strong authentication.

But it doesn't change the foundation of the three factors of authentication:

  1. Typing speed (something you do) is based on something you are – muscle strength.
  2. Location information (something you do) is based on something you have - a device with GPS or other location-finding apps.
  3. Connecting to a website from a specific device (something you do) is based on something you have - access to one particular phone, tablet or computer.

Related Reads

The Guide: Highly Visible People

The Guide: Highly Visible People

The best way to protect yourself and your business from malicious actors is to understand their modus operandi...

Subscribe to Fresh Thoughts

Our weekly newsletter brings you cybersecurity stories and insights. The insights that help you cut through the bull.

We'll never share your email.


Fresh Security Support

Your Questions


Fresh Sec Limited

Call: +44 (0)203 9255868