bill - 1:37 am on May 24, 2013 (gmt 0)
Perhaps you're not clear on multi-factor authentication? It's not a question of adding your own security questions. In addition to a password you have a token of some sort that you always have with you, like a USB key, a security dongle, or in this case your mobile phone.
They screwed this up for me because Twitter has never supported my phone's SMS system in Japan, so I'm unable to use this even if I wanted to. That's why it would have been better for me if they had used a software key generator.