Comment 5 for bug 938589

A GPG key option would be great, but even within Canonical there are plenty of non-technical folks who don't know how to set that up.

I'd like to see a 'paper' device type in SSO which would work like the recovery token described above (but perhaps with an entire sheet of codes instead of just one).

The SMS option sounds like it should be effective, but wouldn't help if the phone was lost since the user would lose their primary auth device and their backup at the same time. It would still help in other circumstances, though.