...
- Second factor only (used in conjunction with username/password)
- Duo
- OTP tokens (Do we care if these are hardware or software? Does this include SMS codes?)
- U2F
- Mobile app (Duo, Google Authenticator)
- Telephone callback (IVR)
- Multi-factor tokens
- PKI with PIN or passphrase