CISSP Practice Exam 2025 – Complete Prep Guide

The classification of authentication types is often aligned with the concepts of multi-factor authentication, and the phrase "something you have" specifically refers to a tangible object that can be used to verify a user’s identity. This concept is integral to Type 2 Authentication, which involves possession-based authentication. In this type, the user must present a physical token or device, such as a smart card, security token, or mobile device that generates a one-time password.

The reason Type 2 Authentication is linked to "something you have" is because it emphasizes the idea that possession of this item is critical in the authentication process, thus adding an additional layer of security. This is distinct from the other types, which focus on different aspects of authentication, such as knowledge (like passwords) or inherent characteristics (biometric data). Thus, options associated with knowledge or biometrics do not fit within the "something you have" framework that Type 2 Authentication encompasses.