I quite like that idea also. And I would not have thought it would be that difficult to implement in most systems these days

Having 1 or 2 backup email accounts and/or an SMS sent to a registered mobile phone number seems to me to be relatively simple to implement

Along with a built-in delay, the inconvenience of having to wait is way better than losing access to critical accounts