When using username and password online, what else can we use for multifactor authentication?
C: Challenge response.
CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests
D: The cookie is a possession factor, we still have multifactor authentication with the username, password and cookie. Username and password are knowledge factors just like PINs, passphrases and challenge response.