My point is, even with quantum computing™, all you need is simple email server with 3 attempt before user lock. If you can't manage this, public key is not the answer. I Have seen only <10 scenarios when private key in the user hands solves the problem. None were scam related.