Add note that UV is not MFA the first time UV=1 is seen
emlun committed Jul 11, 2022
1 parent 3daf3be commit 13b5fcc
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions index.bs
Expand Up @@ -1394,6 +1394,7 @@ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "S
through various [=authorization gesture=] modalities; for example, through a touch plus pin code, password entry, or
[=biometric recognition=] (e.g., presenting a fingerprint) [[ISOBiometricVocabulary]]. The intent is to
distinguish individual users.
See also [[#sctn-authentication-factor-capability]].

Note that [=user verification=] does not give the [=[RP]=] a concrete identification of the user,
but when 2 or more ceremonies with [=user verification=] have been done with that [=credential=]
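Review bot: The added "See also [[#sctn-authentication-factor-capability]]." is a bare cross-reference that does not tell the reader what the linked section contributes to this definition, and neither hunk of this commit defines that anchor, so please confirm the section already exists in index.bs. Consider a short clause stating the relationship, for example that the linked section describes when [=user verification=] can be treated as an [=authentication factor=] (if that is what it covers), which would also connect this definition to the note added in the verification steps further down.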
Expand Down Expand Up @@ -5265,6 +5266,13 @@ a numbered step. If outdented, it (today) is rendered as a bullet in the midst o
If [=user verification=] was determined to be required,
verify that the [=authData/flags/UV=] bit of the <code>[=flags=]</code> in |authData| is set.

Note: [=User verification=] MUST NOT be relied upon as an [=authentication factor=]
if <code>|credentialRecord|.[=credential record/UV=]</code> is [FALSE].
This is because the first time a [=public key credential source=] sets the [=authData/flags/UV=] [=flag=] to 1,
there is not yet any guarantee that the same user is operating the [=authenticator=] as in previous [=ceremonies=].
If <code>|credentialRecord|.[=credential record/UV=]</code> is [TRUE],
then [=user verification=] MAY be relied upon as an [=authentication factor=].

1. If the credential [=backup state=] is used as part of [=[RP]=] business logic or policy,
let |currentBe| and |currentBs| be the values of the [=authData/flags/BE=] and [=authData/flags/BS=] bits, respectively,
of the <code>[=flags=]</code> in |authData|.
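Review bot: The MUST NOT and MAY in the added paragraph sit under a "Note:" prefix, so if notes are non-normative in this document, as is usual for W3C specifications, the requirement carries no force; consider making it normative text of the numbered step, or rewording the note without RFC 2119 key words. The paragraph should also say that "|credentialRecord|.[=credential record/UV=]" means the value stored before this ceremony: the rationale sentence ("the first time a [=public key credential source=] sets the [=authData/flags/UV=] [=flag=] to 1") depends on that, and an [=[RP]=] that updates the record from the current flags before making this check would see [TRUE] on that very first ceremony.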