Ben has an issue with 2-factor authentication. Leo says that text message 2-factor authentication isn't safe anymore because "sim jacking" can occur, by bad guys figuring out what your cellphone number is, and then using social engineering to get them to reassign that number to a new SIM. Once they do that, they have control of the mobile device and can control even 2-factor authentication. That's why Leo supports using an authenticator. He uses a hardware-based model called Authy. Also, users can get their account back by giving Google a separate number and non-Gmail email address. That's why Leo recommends 2-Factor Authentication but encourages turning off text messaging fallbacks.
Ben can also set a PIN number on his mobile account. If bad guys don't have that, they can't sim jack.