1. A physical device the size of a USB drive that stores cryptographic keys and certificates; plugs into a USB port; authentication is phishing-resistant because it is cryptographically bound to the specific site's domain
2. The user's iris pattern captured during enrollment; converted to a mathematical model stored in the authentication system; cannot be changed if the database is compromised
3. A 6-digit numeric code generated by a smartphone application that changes every 30 seconds using a shared seed value and the current timestamp; requires access to the registered device
4. The user's GPS coordinates reported by the authenticating device; used to verify that the login originates from an expected geographic area; imprecise and can be spoofed
A. Something you have (USB security key)
B. Something you are (biometrics)
C. Something you have (software token)
D. Somewhere you are (GPS location)