mal-lang / coreLang

A probabilistic attack simulation language for the (abstract) IT domain
https://mal-lang.org/coreLang/

Evaluate a multifactor authentication solution using nested Credentials. #50

Closed andrewbwm closed 2 years ago

andrewbwm commented 2 years ago

This seems to work by nesting Credentials via the Data asset.

If we are content with this implementation, perhaps we want to remove the "TwoFactorAuthentication" defence on the Identity asset. We just need to make sure the behaviour is the desired one.

andrewbwm commented 2 years ago

The reworking of Credentials in #58 resulted in introducing a new association between Credentials called ConditionalAuthentication. While more broad in scope, its primary use is likely to be multi-factor authentication. The relationship prevents a Credentials asset from being used if the requiredFactors associated with it have not been compromised.

Additionally, credentials guessing was introduced and it is inversely proportional to the securityAwareness defence of the User to which they belong (via Identity assets).

Three new defences were also introduced.

  1. notGuessable is directly tied to the credentials guessing mentioned above and simply states that those credentials cannot be guessed by the attacker due to some of their innate properties.
  2. notPhishable means that they cannot be stolen via social engineering due to some intrinsic traits.
  3. unique represents that the attacker cannot use these credentials as part of a credentials reuse attack (either as a source or as a victim).
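
The ConditionalAuthentication rule and the three defences described above, as an added example that is not part of the thread and is not coreLang code. It is a deterministic Python simplification for checking whether a modelled MFA setup behaves as intended; the field names, the technique labels `guess`, `phish` and `reuse`, and the sample assets are assumptions made for illustration, and the probabilistic effect of securityAwareness is not modelled.

```python
from dataclasses import dataclass, field

@dataclass
class Credentials:
    name: str
    required_factors: list = field(default_factory=list)  # names of other Credentials
    not_guessable: bool = False   # mirrors the notGuessable defence
    not_phishable: bool = False   # mirrors the notPhishable defence
    unique: bool = False          # mirrors the unique defence (no credentials reuse)

def compromised(cred, techniques):
    """True if any modelled technique is not blocked by the matching defence."""
    return (("guess" in techniques and not cred.not_guessable)
            or ("phish" in techniques and not cred.not_phishable)
            or ("reuse" in techniques and not cred.unique))

def usable_credentials(model, techniques):
    """Credentials are usable only if they and all their required factors are compromised."""
    got = {name for name, cred in model.items() if compromised(cred, techniques)}
    return sorted(name for name in got
                  if all(factor in got for factor in model[name].required_factors))

def build_model():
    """Constructed sample: two passwords, each gated by a different second factor."""
    creds = [
        Credentials("totp", not_guessable=True, unique=True),
        Credentials("hwkey", not_guessable=True, not_phishable=True, unique=True),
        Credentials("password_a", required_factors=["totp"]),
        Credentials("password_b", required_factors=["hwkey"]),
    ]
    return {cred.name: cred for cred in creds}

if __name__ == "__main__":
    model = build_model()
    for techniques in ({"guess"}, {"reuse"}, {"guess", "phish"}):
        print(sorted(techniques), "->", usable_credentials(model, techniques))
```

In this sample, the password behind the phishable second factor becomes usable once phishing is in scope, while the one behind the factor carrying all three defences never does.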