Setting the Secure Enclave ACL flags as:
[.privateKeyUsage, .biometryCurrentSet, .or, .devicePasscode]
Results in an evaluated configuration of:
[.biometryCurrentSet, .touchIDCurrentSet, .devicePasscode, .or, .privateKeyUsage]
The order of flags in the evaluated configuration creates a compound authentication requirement
Users are prompted for both biometric and passcode verification sequentially
Successful biometric authentication still triggers a passcode prompt
Failed biometric authentication followed by successful passcode entry re-triggers biometric prompt
Test Cases Performed:
Sequential Authentication Test:
FaceID prompt appears
Cover face to trigger failure
Passcode prompt appears
Enter correct passcode
FaceID prompt reappears (unexpected loop)
Successful Biometric Test:
FaceID prompt appears
Successfully authenticate with FaceID
Passcode prompt appears (unexpected additional verification)
These findings demonstrate that the evaluated ACL configuration creates a multi-factor authentication flow instead of the intended alternative authentication methods.
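To reproduce the flow described above end to end, the following Swift snippet is an added example (not code from the original post): it creates a Secure Enclave P-256 key whose private key is protected by the same access-control flags, then signs a constructed message, which is the operation that triggers the authentication prompt. The application tag `com.example.acl-test` and the helper names are assumptions chosen for illustration. Two points worth keeping in mind when reading the "evaluated configuration": `SecAccessControlCreateFlags` is an `OptionSet` bitmask, so the order in which flags are written has no effect on the value passed to the Secure Enclave, and `.touchIDCurrentSet` is the deprecated alias that shares its raw value with `.biometryCurrentSet`, so a dump that maps raw bits back to names lists both even though only one flag was set.

```swift
import Foundation
import Security
import LocalAuthentication

/// Builds the SecAccessControl under test. Order is irrelevant: the array
/// literal is folded into a single bitmask before it is handed to the SEP.
func makeAccessControl() throws -> SecAccessControl {
    var error: Unmanaged<CFError>?
    let flags: SecAccessControlCreateFlags = [.privateKeyUsage, .biometryCurrentSet, .or, .devicePasscode]
    // Sanity check: the same bits come back regardless of how they were written.
    assert(flags == [.devicePasscode, .or, .biometryCurrentSet, .privateKeyUsage])
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
        flags,
        &error) else {
        throw error!.takeRetainedValue() as Error
    }
    return access
}

/// Creates (or recreates) a permanent Secure Enclave P-256 key protected by
/// the access control above. Application tag is an assumed example value.
func makeSecureEnclaveKey(tag: String = "com.example.acl-test") throws -> SecKey {
    let tagData = Data(tag.utf8)
    // Remove any previous key with this tag so the test starts from a known state.
    SecItemDelete([
        kSecClass as String: kSecClassKey,
        kSecAttrApplicationTag as String: tagData,
    ] as CFDictionary)

    let attributes: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeySizeInBits as String: 256,
        kSecAttrTokenID as String: kSecAttrTokenIDSecureEnclave,
        kSecPrivateKeyAttrs as String: [
            kSecAttrIsPermanent as String: true,
            kSecAttrApplicationTag as String: tagData,
            kSecAttrAccessControl as String: try makeAccessControl(),
        ],
    ]
    var error: Unmanaged<CFError>?
    guard let key = SecKeyCreateRandomKey(attributes as CFDictionary, &error) else {
        throw error!.takeRetainedValue() as Error
    }
    return key
}

/// Signing with the private key is what evaluates the ACL and shows the
/// biometric / passcode prompts; log the errors to see which factor ran.
func signWithPrompt(key: SecKey, message: Data) -> Result<Data, Error> {
    var error: Unmanaged<CFError>?
    guard let sig = SecKeyCreateSignature(
        key,
        .ecdsaSignatureMessageX962SHA256,
        message as CFData,
        &error) else {
        return .failure(error!.takeRetainedValue() as Error)
    }
    return .success(sig as Data)
}

// Constructed sample input for the reproduction run.
func runReproduction() {
    do {
        let key = try makeSecureEnclaveKey()
        let message = Data("acl-flow-probe".utf8)
        switch signWithPrompt(key: key, message: message) {
        case .success(let sig):
            print("signed \(sig.count) bytes after authentication")
        case .failure(let err):
            // LAError / errSecUserCanceled etc. tell you at which step the flow stopped.
            print("signing failed: \(err)")
        }
    } catch {
        print("key creation failed: \(error)")
    }
}
```

Run `runReproduction()` from an app target on a device with both Face ID (or Touch ID) and a passcode enrolled; the Secure Enclave is not available in the simulator. Repeat the two test cases from the post (cover the camera to force a biometric failure, then enter the passcode; and authenticate biometrically on the first attempt) and note which prompts appear before `signWithPrompt` returns.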