The traditional definition of multi-factor authentication (although I couldn’t find a reference to where it originated) is that you should have two or more of:
Something you know (eg. a password)
Something you have (eg. a card)
Something you are (eg. a fingerprint or retinal scan).
The three factors aren’t independent / HN

• PAM Duress / HN – Alternate passwords for panic situations

• Microsoft ruined passwords, now aims for a passwordless future