2FA Continue to be cost effective and viable for identity protection, as you read the recent news where Google issued a 10k physical USB authentication key for high risk people who use their services. It is also better than doing nothing, as most of the users will prefer to recycle and use the same password all the time, until you force them to change.
Two Factor Authentication (2FA) and modern proposes for multi factor authentication (MFA), adding additional layers of authentication to make it much harder for hackers to spoof the identity or gain access to the important account. Strongest web application is as strong as the password you use, if you use a weak password, the web application is weak due to it.
Google has their own Google Authenticator app as the software free to use for 2FA. Be note it is free to use but subject to a man-in-the-middle attack: if the computer used for the login process is compromised by a trojan, then username, password, and one-time password can be captured by the trojan, which can then initiate its own login session to the site or monitor and modify the communication between user and site.
With the known risk, using the Google Authenticator app for 2FA is better than having nothing. But of course, if you are a high value user, it is recommended to use USB Security with biometric to mitigate the risk.
We will see high value and high profile user accounts being stolen and used for sending spam or used for issuing email to carry trojan to someone the high value users know. If you are one of them, and you are doing nothing at the time, you better do something until it happens to you. In the modern day, we are use our email account as one of the important source for authentication or reset password, if you are lost it or stolen by someone, they can use it to receive password reset and you will have problem to gain access to all the program you are right now using.
E-SPIN Group in the enterprise ICT solution supply, consultancy, project management, training and maintenance for corporation and government agencies did business across the region and via the channel. Feel free to contact E-SPIN for your project requirement and inquiry.