Authentication is based on one or more of the following elements:

• What you know. This category includes information that an individual knows that is not generally known by others. Examples include PINs, passwords, and personal information such as a mother's maiden name.
  
  
• What you have. This category includes physical items that enable individual access to resources. Examples include ATM cards, Secure ID tokens, and credit cards.
  
  
• Who you are. This category includes biometrics such as fingerprints, retina profiles, and facial photographs.

Often, it isn't sufficient to use only one category for authorization. For example, an ATM card is generally used in combination with a PIN. Even if the physical card is lost, both the user and the system are presumably safe, since a thief would have to know the PIN to access any resources.