Applications may need more than one token per user, for instance, to temporarily grant elevated privileges to a user. In order to verify that the token presented by a user actually corresponds to the privilege level that the application requires for an operation, a new validation factor is required.