[PCI DSS 1.x] 8.2 In addition to assigning a unique ID, employ at least one of the following methods to authentica

8.2 To verify that users are authenticated using unique ID and additional authentication (for example, a password) for access to the cardholder environment, perform the following:

  • Obtain and examine documentation describing the authentication method(s) used
  • For each type of authentication method used and for each type of system component, observe an authentication to verify authentication is functioning consistent with documented authentication method(s)

Dual factor for Cisco VPN

I am trying to get some clarification on dual factor authentication for Cisco VPN clients

I manage my VPN clients by having them authenticate via LDAP to my Active Directory.

Then running an internal cert server to issue out certificates to install on individual machines.

The Cisco VPN client generates a CSR which is unique to that machine.

So my question is

Does a .PCF file qualify under the Dual factor authentication? The one thing that scares me is I can take that grouppassword hashed value and reverse it and get the password.