Knowledge Factor (Something You Know)
What is Knowledge Factor (Something You Know)?
An authentication factor based on information the user knows, such as a password, PIN, passphrase or answer to a security question.
The knowledge factor is one of the three classical authentication factors and represents "something you know". Typical examples are passwords, PINs, passphrases, recovery codes and answers to knowledge-based authentication (KBA) questions. Knowledge factors are easy to deploy because they require no extra hardware, but they are also the weakest factor: they can be phished, guessed, reused across sites, leaked in database breaches or extracted by malware. Standards such as NIST SP 800-63B treat passwords alone as insufficient for high assurance and recommend pairing them with possession or inherence factors in a multi-factor authentication scheme.
● Examples
- 01: A user typing their account password to log in to a SaaS application.
- 02: Entering a 6-digit PIN to unlock a smartphone screen.
● Frequently asked questions
What is Knowledge Factor (Something You Know)?
An authentication factor based on information the user knows, such as a password, PIN, passphrase or answer to a security question. It belongs to the Identity & Access category of cybersecurity.
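How do you defend against the weaknesses of the Knowledge Factor (Something You Know)?
Defences typically combine technical controls and operational practices. As the full definition above notes, standards such as NIST SP 800-63B recommend pairing knowledge factors with possession or inherence factors in a multi-factor authentication scheme.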
What are other names for Knowledge Factor (Something You Know)?
Common alternative names include: Something you know, Knowledge-based factor.
● Related terms
- Possession Factor (Something You Have) (identity-access, № 844): An authentication factor based on a physical or cryptographic item the user holds, such as a hardware token, smart card, authenticator app or registered phone.
- Inherence Factor (Something You Are) (identity-access, № 533): An authentication factor based on a biometric characteristic of the user, such as a fingerprint, face, iris, voice or typing rhythm.
- Location Factor (Somewhere You Are) (identity-access, № 623): A contextual authentication factor that uses the user's geographical or network location, such as GPS coordinates, IP geolocation or office Wi-Fi, to evaluate a sign-in.
- Time Factor (Authentication) (identity-access, № 1154): A contextual authentication factor that restricts or evaluates access based on the time of day, day of week or duration of a session, often combined with risk-based policies.
- Multi-Factor Authentication (MFA) (identity-access, № 708): An authentication method that requires two or more independent factors — typically from different categories — before granting access.
- Password Policy (identity-access, № 798): A documented set of rules governing how user passwords are created, stored, rotated, and validated to balance security against usability for the workforce.