For your dual source password validation
Your two step user validation requires a cell phone to receive the code to validate the user. My cell always seems to be someplace else. Why not send it also to another web page that would require another login to retrieve. Both a keyboard and a phone are a pain.