"I am also not super-confident about two-factor auth. I noticed that with Google Apps the verification SMS messages can be read using the web interface for my telco provider. A web interface that is protected by nothing more than an email address and password with the same weak security questions."
While google DOES have an SMS seconds factor, I highly recommend use their Google Authenticator app [1] instead, which generates the code directly on your phone, sans network communication.
While google DOES have an SMS seconds factor, I highly recommend use their Google Authenticator app [1] instead, which generates the code directly on your phone, sans network communication.
[1] support.google.com/accounts/bin/answer.py?hl=en&answer=1066447