Are the authentication strength of the different authentication factor categories (knowledge-factors, posession-factors and inherence-factors) ranked in any way, like “inheritance-factors are stronger than posession-factors”?
I would assume that inheritance-factors are the strongest, but they also can not be changed and if they get leaked that’s quite bad.
I would assume posession factors to be the weakest as anyone can steal them, but at least you know when they are no longer in your posession.
Is there any kind of ranking between the strength of the authentication categories themselves or are they just three different things, each good in their own way?
If they are not ranked, is it fair to evaluate authentication strength based on how many factors were authenticated or are details essential to this kind of question?