What's the alternative that regular people will understand how to use and not get locked out of?
TOTP is pretty standard. Give the user backup codes and just use normal recovery methods. For most things that might be email. For a bank it's probably identity verification.
alt Hacker News
TOTP is pretty standard. Give the user backup codes and just use normal recovery methods. For most things that might be email. For a bank it's probably identity verification.