As users gain access to different services, the grade of the services may vary, for example, from low value services to high value services. A low value may indicate that a low strength of authentication is required, while a high value may indicate that a high strength of authentication is required to access the service. There is disclosed a method for authenticating a device comprising the determination (204) of an authentication requirement to access a first service that is provided by a service provider, SP, the discovery (208) of one or more authentication factors, associated with the device or the user, that are available for the authentication, the determination (210) whether at least one of the discovered authentication factors are sufficient to achieve the authentication requirement and, if so, the performance (212-228) of corresponding authentication procedures.