Yep, so text messages and phone verification could really be considered a "third factor". I guess anything information you have already provided to your service provider is considered an X-factor.