Authentication mechanisms are grouped within the three subcategories listed below. Note that individual credential and token types are not broken into their own categories and are instead included within one of these three categories.

User to Device: Mechanisms used by a user to authenticate with a mobile device, such as use of passwords, fingerprints, or voice recognition. This is most often local authentication to a device's lockscreen.

User or Device to Remote Service: Mechanisms used by a user, or a distinct non-person entity (NPE), to remotely authenticate to an external process, service, or device.

User or Device to Network: Mechanisms used by a user, mobile device, or peripheral to authenticate to a network (e.g., Wi-Fi, Cellular). This commonly includes proving possession of a cryptographic token.

Threat List

User to Device

User or Device to Remote Service

User or Device to Network