In computing systems, authentication techniques may be used to verify the identity of a user or device attempting to access data. Authentication techniques may use one or more factors to verify that the user or device has permission to access the data. Examples of factors include usernames, passcodes (e.g., a string of one or more characters, such as letters, numbers, or punctuation marks), personal information (e.g., social security number or mother's maiden name), device information (e.g., a cookie stored on the device or a passcode generated by a token), and biometric data (e.g., a fingerprint or voiceprint). In general, an authentication technique may be made “stronger” by increasing the number and/or types of factors used to verify the user and/or device. Authentication techniques made stronger with known authentication factors, however, may be relatively inconvenient for the user. For example, the user may have to remember complicated passcodes, or the user may be required to have certain hardware (e.g., a token or a fingerprint scanner) to access the data.