Certificates are associated with security mechanisms to control their use and are based on different layers of protection: something the person knows or inherent to the user. These identification procedures are known as authentication factors.
To be considered robust authentication at least two authentication factors are required:
- Something the user ”knows” (password).
- Something the user may ”possess” (key card, SMS Token, OTP Token).
- Something the user ”makes or is” (signature, voice-over, fingerprint, iris or any other biometric factors).