Compromising email + cloud key

• Attempt to enforce different email addresses for Email Key and Cloud Key.

Researching user security answer + map points

• Security Notifications, as both require calls to serverless functions

Theft of NFC device + another single attack

• Security Notifications, combined with a modification of NFC to require some service calls when brute-forcing the missing entropy