When to Use Non-Transparent Authentication Policies