, swheaties wrote

Clearly you don't understand two factor auth.  How does sending an email to a phone qualify as two factor auth but sending an email to a computer does not. 

*snip*

Clearly you don't understand two factor auth Wink

Multi-factor authentication was not designed to verify your identity; its purpose is just that of making it harder to compromise your account (and removing single points of failure). Leaving biometrics aside, it all boils down to mix "something you have" with "something you know", the typical example being an ATM card and a PIN. (the little device you mentioned is just a glorified ATM card, with the added bonus that it allows you to prove ownership online).

In the case at hand, the password to your email account serves as the "something you know" factor, while your mobile phone (actually, the phone number) serves as the "something you have", so it's a good example of two-factor authentication.

Things can be less than ideal with smartphones, where it's possible to set up the sensitive email account and leave it unlocked. But since someone cracking your password is a much bigger threat than someone stealing your phone, it's still better than nothing.