As we've seen, authentication systems require some sort of credential. Although we usually associate credentials with some sort of document, that need not be the case. More broadly, credentials can be created using:
Something you know
Something you have
Something you are
Some combination of the three
These are known as authentication factors . In general, the more authentication factors that are present in an authentication system, the more secure it is. You'll hear the term "two-factor authentication," for example, meaning that the system incorporates two of these authentication factors. The remainder of this section will discuss some common authentication schemes and their authentication factors.
You may not have thought of cookies as an identity credential; but, the fact is, they represent the most prevalent form of identity credential on the Internet. The Hacker's Dictionary defines a cookie as a handle, transaction ID, or other token of agreement between cooperating programs. The claim check you get from a dry-cleaning shop is a perfect example of a cookie; the only thing it's useful for is making sure that you get your clothes back by relating two transactions that happen at different times.
On the Internet, cookies are exchanged between the browsers people use to access the Web and the servers the people visit. These cookies serve the same purpose as the claim check in the dry cleaning example: they tie transactions together that are otherwise difficult ...