Distributing one-time passwords
I'm working on a web service that needs two factor authorization, and therefore I need a way of securely distributing one-time passwords. The primary method will be sending a SMS to the users phone with the password, but I need a fall back method in case the user don't have the phone where he is.
So, there is imho two practical ways for me to do this.
Create a "card" with n number of predefined password and e-mail this to the user in advance.
Or e-mail the user just one password instead of sending the password on SMS.
The problem is that e-mail isn't the most secure way of communicating, so any ideas on how to do this more secure, or any thoughts at all?