[AndrewDucker]

Persona is only handling authentication temporarily.

Once email providers start providing their own Identity Providers then the security falls entirely on them.

For instance, once GMail starts being its own authenticator, my two-factor authentication there will kick in.

[callahad]

Identity Bridging will eventually get 60-80% of users functionally off of our fallback and onto their provider's native authentication paths, but I do wonder if the Persona fallback support two-factor auth natively for the remaining 20-40% of users.

Thoughts?