LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What are the four authentication factor categories in security?

Wissen (knowledge), Besitz (possession), Eigenschaft (inherence/biometric), Fähigkeit (ability/behaviour).

The four categories:

Category "Something you..." Examples
Wissen (Knowledge) ...know Password, PIN, security questions
Besitz (Possession) ...have Hardware token (SecurID), smart card, phone with SMS, FIDO2 key
Eigenschaft (Inherence / Biometric) ...are Fingerprint, iris scan, face recognition
Fähigkeit (Ability / Behaviour) ...can do Signature, voice pattern, typing rhythm

Multi-factor authentication combines at least two different categories — not two things from the same category. Two passwords ≠ MFA. A password + a fingerprint ≠ two passwords, but a password + a hardware token = real 2FA.

Strength trade-offs:

  • Wissen is convenient but easily phished, guessed, or reused.
  • Besitz is strong (attacker must steal hardware), but the user can lose it.
  • Eigenschaft is convenient and bound to the body, but irrevocable — you can't change your fingerprint after a leak.
  • Fähigkeit is the least-developed category but increasingly used for continuous, passive auth (behavioural biometrics).

Tip: Modern recommendations (NIST SP 800-63) treat SMS as a weak Besitz factor due to SIM-swap attacks; push-app prompts and FIDO2 keys are preferred.

From Quiz: ISF / Access Control | Updated: Jul 14, 2026