you might consider offering an SMS token as google does with gmail logins
While this is a good idea in general, keep in mind that recently
weird things have happened.
Until a reasonable explanation comes up for that, I wouldn't feel much safe with SMSs.