"oathauth-step1-test": "Download a mobile app for two-factor authentication (such as Google Authenticator) on to your phone.", "oathauth-entertoken": "Enter a code from your mobile app to verify:", "oathauth-auth-ui": "Please enter verification code from your mobile app",
Maybe less of an issue on the step1 message... But "from your mobile app" is crappy.
You don't *have* to use a mobile app...
They also don't mention the one time use passwords that can be used...