The validation factors currently generate tokens based on machine specific attributes, such as remote host, user-agent, etc.

If a user on a machine had multiple identities, then the token generated would be the same (as the machine attributes are the same).

It would be nice if this token was unique based on the current validation factors as well as the username of the principal and the directory which the principal belongs to (uniquely identifying the principal).