A method of operating a security token to authenticate a user in a multi-factor authentication system is disclosed. The method includes: monitoring user custody of the token, the token having an identifying characteristic representing a possession factor for use through possession factor authentication; during a period of continuous user custody of the token based on the monitoring, obtaining a knowledge factor from a user having the continuous user custody; caching the knowledge factor in a memory of the token; and in response to a second authentication request, retrieving the knowledge factor from the memory to demonstrate to an authentication system knowledge of the knowledge factor, during the period of continuous user custody.