For the purpose of CRA-5.9.2, licensees must ensure that the authentication elements are independent from each other, in that the breach of one does not compromise the reliability of the other and are sufficiently complex to prevent forgery.