This seems like it isn't getting rid of user/pass authentication, it's just pushing it onto someone else, in this case your cell or email provider.
Other users have correctly stated that this doesn't increase the attack surface, however it does increase the value of a single vector.
Please correct me if I've missed a key point in the OP, I didn't spend lots of time reading the finer points of the implementation.
This seems like it isn't getting rid of user/pass authentication, it's just pushing it onto someone else, in this case your cell or email provider.
Other users have correctly stated that this doesn't increase the attack surface, however it does increase the value of a single vector.
Please correct me if I've missed a key point in the OP, I didn't spend lots of time reading the finer points of the implementation.