It is generally acknowledged that user authentication can be accomplished by using some combination of something known by the user (a password or PIN), something possessed by the user (a badge or token), or some unique feature of the user (e.g., a voiceprint). Very strong authentication methods are often built from a combination of these, such as when you present your ATM card at an ATM machine. In this case you generally present two things: the card itself (something you possess) and the PIN (something you know). The advantage of this is that if someone steals your card, then they still need to know your PIN in order to impersonate you.