Certificates are associated with security mechanisms to control their use and are based on different layers of protection: something the person knows or inherent to the user. These identification procedures are known as authentication factors.
To be considered robust authentication at least two authentication factors are required:
Something the user ”knows” (password).
Something the user may ”possess” (key card, SMS Token, OTP Token).
Something the user ”makes or is” (signature, voice-over, fingerprint, iris or any other biometric factors).