Another approach would be to use 2FA via sms. In my opinion it's safer than the one via email.
I know that Venkata didn't want to do it due to fact that users would say that we should provide them with phones... The case is that at LIH everybody has mobile provided by LIH. We can ask people at PRC if it's fine if they use their private mobiles for authentication. I think if Linda, Gealdine, Michele agree to that it would be enough.
Another problem is that we need to pay for every sms (it's ~1 cent per sms).
The topic was discussed this morning with Jean-Yves and Linda.
Jean-Yves is ok to use his phone for 2 factor authentication. Linda is not so keen on using her personal phone for this but she will ask her colleagues.