I'm not interested in using an application on my smartphone or a USB dongle for multi-factor authorization. Why can't hosting companies use the same tech that banks use where you can receive a code via SMS or an email, both options being available for the user to choose from when requesting the code? Until then, I refuse to use multi-factor authorization and no, using backup codes is not acceptable either.