Separate activation counter for OTP from counter for authentication

[petrdvorak]

We might consider separating the maximum failure count for finished activations (counter is used during signature verification) and the maximum failure count for the activation OTP used during activation (the counter is used during activation). We now use the same values for this and hence it is not possible to configure the case "we need 3 attempts at most during activation for OTP, and 5 attempts for the authentication afterward".