I know it isn't since the service the user is authenticating to cannot check the PIN correctness or existence. I need, however, to explain this to people who are convinced this actually is a two-factor authentication, since the user is required to use PIN by Terms and Conditions. Is there preferably some kind of "authoritative" definition I could build my argumentation on? Found only NIST 800-63-2 but it's inconclusive in this case.
Aucun commentaire:
Enregistrer un commentaire