What are the 4 types of authentication?

The four types of authentication claimed by some cyber security vendors are:

  1. Something you know – like a password.
  2. Something you have – like a smart card to enter a building.
  3. Something you are – like a fingerprint.
  4. Something you do – like typing speed or location.

Traditionally cyber security has thought of only 3 authentication factors. Something that you know, you have, or you are. But as vendors have tried to find new ways of measuring "something you are" they have started to measure behaviour. Specifically how people use a mobile phone or computer.

This means that strong authentication can be used on more devices. It removes the need for fingerprint scanners or cameras for facial recognition. And allows more people to access to strong authentication.

But it doesn't change the foundation of the three factors of authentication:

  1. Typing speed (something you do) is based on something you are – muscle strength.
  2. Location information (something you do) is based on something you have - a device with GPS or other location-finding apps.
  3. Connecting to a website from a specific device (something you do) is based on something you have - access to one particular phone, tablet or computer.