[herbst]

Thank you. I dont really get the however. Do you mean i missed to provide a solution? Thats true, other than my github example i did not provide any solutions.

My current mission is to plant this thought into peoples heads, especially those who implement such systems (why i posted on HN). All i really want right now is a workflow to help people having similar issues, if a company is aware when they build such a system they will also be able to find individual solutions that fit into their market.

Like my bank can offer paper tan, Github can offer private key authentification, and Twitter should not ask for a telephone number at all because they allow multiple accounts per number anyway. Also 2FA should be possible with Email and not only SMS.