GPG Challenge-response authentication

Problem to solve

It would be nice to have a means of restoring access or signing in other than a password, or an email-based password reset if the password is lost.

Users can now upload OpenPGP public keys to their accounts. These keys could be used for challenge-response authentication: GL generates a challenge containing a text the user must sign, the user signs that text with the private key matching the public key uploaded to the account, and GL verifies the signature against the uploaded key.

Note that the user doesn't have to enter a login, since the account is identified by the public key that verifies the signature.

IMHO the message to be signed must begin with text describing the purpose of the signature and making the signature not legally binding.
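The flow described above, sketched in Ruby (GitLab's own language) as an added example that is not GitLab code: the server issues a single-use challenge that starts with a purpose statement, the user signs it, and the server looks the account up by key fingerprint and verifies the signature. It uses an RSA key and OpenSSL as a stand-in for the OpenPGP key and signature the issue describes; the `ChallengeAuthenticator` class, the purpose text, the five-minute validity window and the `user_sign` helper are assumptions made for the example.

```ruby
require 'openssl'
require 'securerandom'
require 'digest'

# Assumed purpose statement (the issue only asks that one exist). Every
# challenge begins with it so a signed challenge cannot be passed off as
# a signature over arbitrary text.
PURPOSE_PREFIX = "GitLab sign-in challenge. Signing this text only proves " \
                 "control of the key; it is not a legally binding statement.\n"
CHALLENGE_TTL = 300 # seconds a challenge stays valid (assumed value)

class ChallengeAuthenticator
  def initialize
    @accounts = {} # public-key fingerprint => username
    @pending  = {} # challenge text => Time it was issued
  end

  # Register a user's public key (PEM), mirroring the uploaded OpenPGP key.
  def register(username, public_key_pem)
    @accounts[fingerprint(public_key_pem)] = username
  end

  # Build a fresh challenge: purpose text + random nonce + issue time.
  # The nonce makes each challenge unique, so a captured signature
  # cannot be replayed against a later challenge.
  def issue_challenge(now: Time.now)
    text = PURPOSE_PREFIX + "nonce: #{SecureRandom.hex(32)}\nissued: #{now.to_i}\n"
    @pending[text] = now
    text
  end

  # Returns the username on success, nil on any failure. The user never
  # sends a login: the account is found via the fingerprint of the key
  # that must verify the signature.
  def verify(text, signature, public_key_pem, now: Time.now)
    issued = @pending.delete(text) # single use: unknown or reused => reject
    return nil if issued.nil?
    return nil if now - issued > CHALLENGE_TTL
    return nil unless text.start_with?(PURPOSE_PREFIX)

    username = @accounts[fingerprint(public_key_pem)]
    return nil if username.nil?

    key = OpenSSL::PKey::RSA.new(public_key_pem)
    key.verify('SHA256', signature, text) ? username : nil
  rescue OpenSSL::PKey::PKeyError, ArgumentError
    nil # malformed key or signature counts as a failed attempt
  end

  private

  def fingerprint(public_key_pem)
    Digest::SHA256.hexdigest(OpenSSL::PKey::RSA.new(public_key_pem).to_der)
  end
end

# What the user's client does with its private key.
def user_sign(private_key, text)
  private_key.sign('SHA256', text)
end

# End-to-end run: returns the authenticated username ("alice").
def demo
  alice = OpenSSL::PKey::RSA.new(2048) # constructed test key
  auth  = ChallengeAuthenticator.new
  auth.register('alice', alice.public_key.to_pem)
  text = auth.issue_challenge
  auth.verify(text, user_sign(alice, text), alice.public_key.to_pem)
end

puts demo if $PROGRAM_NAME == __FILE__
```

The checks that matter for a real deployment are the ones around the signature rather than the signature itself: the nonce and the single-use table stop replay, the time bound limits how long a stolen challenge is useful, and the fixed prefix keeps the signed text recognisable as an authentication challenge.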

Edited Jun 10, 2025 by 🤖 GitLab Bot 🤖