Maybe the the oauth provider (fb other twitter) could txt a code to the registered mobile on the service that could be used instead