In multifactor authentication, what does "something you have" typically refer to?

In multifactor authentication, "something you have" typically refers to a physical item that an individual possesses and uses as a means to verify their identity. An ID card serves as a tangible object that grants access to secure areas or online systems, confirming the user’s identity in conjunction with other authentication factors.

This physical aspect makes the ID card distinct from other authentication factors such as a PIN, which is something you know, and a fingerprint, which is something you are (biometric authentication). An access list, on the other hand, is a set of permissions and does not represent an item an individual possesses for personal authentication. Therefore, the identification through an ID card is considered a valid representation of the "something you have" element in multifactor authentication.