Which type of authentication includes both something you have and something you know?

Two-factor authentication is the process that specifically requires two separate factors for verifying a user's identity, typically consisting of something you have—such as a smartphone, hardware token, or smart card—and something you know, like a password or PIN. This dual requirement enhances security by making it considerably more difficult for unauthorized individuals to gain access, as they would need both factors to successfully authenticate.

In contrast, single factor authentication relies solely on one type of credential, which may leave systems vulnerable if that one factor is compromised. Cognitive authentication, while an emerging approach utilizing behavioral traits, does not explicitly cover the combination of "something you have" and "something you know." Finally, three-factor authentication adds another layer of verification, but it goes beyond the two factors required for two-factor authentication and thus does not fit the question's criteria.