You can also register a U2F key. On Wed, May 27, 2015 at 3:17 AM, <valdis.kletni...@vt.edu> wrote:
> On Wed, 27 May 2015 09:13:47 +0530, Anil Kumar said: > > that link, since I have two-step verification set up, I was presented > > with a demand for a number provided by the Google Authenticator > > app on my phone. I provided that number and only then was I allowed > > to reset the password. > > And you have to pre-register the phone number. > > Sounds about as secure as you're going to get when trying to scale to 10 > digits of users.... > > And as I said earlier - if your threat model involves needing more security > than that, you have bigger problems.. :) >