-
(a): Allow the use of [authentication factors allowed to be used that are different from the primary authentication factors are defined;] that are different from the primary authentication factors after the number of organization-defined consecutive invalid logon attempts have been exceeded; and
-
(b): Enforce a limit of [the number of consecutive, invalid logon attempts through the use of alternative factors for which to enforce a limit by a user is defined;] consecutive invalid logon attempts through use of the alternative factors by a user during a [time period during which a user can attempt logons through alternative factors is defined;].
Supplemental
The use of alternate authentication factors supports the objective of availability and allows a user who has inadvertently been locked out to use additional authentication factors to bypass the lockout.