Hacker News new | ask | show | jobs
by aes 4658 days ago
Assuming the phone isn't locked.

A combination with email confirmation plus two-step verification like Google Authenticator could work as well.
1 comments
parsnips 4658 days ago
If the attacker has the phone, the second factor (typically sms) won't work very well.
link