Almost everyone has experience with two-factor authentication; after all, if you have ever used an ATM to grab some cash, you've had to supply your ATM card and a PIN. However, many people resist using this strong form of security for their online accounts, and usually for bogus reasons.
I Have a Strong Password
You have followed all of the expert advice, and your important passwords are all eight characters, a combination of letters, numbers, and special characters and not a dictionary word. You never re-use passwords, and change them regularly. That's should be enough, right? Wrong. Hackers are smart, and they have found ways to crack even the most "uncrackable" passwords. And in the case of massive breaches like the recent Heartbleed breach, even the strongest passwords weren't immune. Strong passwords are great, but strong passwords combined with another factor are better.
It's Inconvenient to Enter an Extra Code
We live in an instant gratification culture. We want everything immediately, so the idea of waiting an extra 30 seconds to receive a one-time code via SMS to access an account sounds like an eternity and an unnecessary inconvenience. An extra step is just a hassle. Consider this, though: How much of a hassle will it be to recover all of your data and undo the damage to your online life if a hacker accesses your information? There are plenty of ways to remove some of the "inconvenience" of two-factor authentication. Most websites that offer the service allow you to designate trusted devices that will not require the extra code, for example, or you can use a token that allows single sign on capabilities for multiple applications. In short? It doesn't have to be complicated or inconvenient.
One common misconception is that the average person has nothing of value to hackers, who are focused on higher-value targets. That false sense of security is dangerous, as hackers are often indiscriminate in whom they attack and will usually find something they can use in every account. From money to contacts to access to corporate networks, you have something that hackers want, so you need to do everything you can to protect it.
It's Not Really That Secure
There are some who argue that two factor authentication itself provides a false sense of security; after all, what happens if your mobile device is stolen or you lose your security token? There have also been some reports of hackers breaching two factor authentication systems. The fact is, no security solution is perfect, and as long as valuable data exists, someone is going to steal it.
With two-factor authentication, though, you are providing an extra layer of security that significantly reduces the likelihood of your data being stolen. Currently, two-factor authentication is widely considered to be the strongest means possible for authenticating users and protecting data, so there is no reason to allow the unlikely event of a breach to deter you from using it.
It's Too Expensive
In the past, two factor authentication solutions were cost prohibitive for many businesses, and only the largest enterprises used it with any regularity. Today, it's more affordable, with security token solutions generally less than $50 per employee. Most online services offer two-factor authentication for free as well, so there is no reason to claim cost as the reason for avoiding it.
Some experts predict that within the next two years, two-factor authentication will become the standard, and everyone will be using it almost everywhere.