It's really quite amazing that I can use 2 factor authentication both my google accounts and facebook. When I see people get "hacked" and lose access to their email and facebook I always advise them to turn it on. Ironically, they decide that its too much work to protect themselves and would rather take the risk. For non-techies I think that mentality is quite common, its quite scary. I wonder if its possible to have an user friendly, secure authentication system.
They just don't know the merits of two factor authentication. That's said, however, as both services allows users to "remember" the sessions for a lengthier period of time, it's still insecure to sign in two those services even with two-factor authentication.
What attack can you make with the "remembered browsers" feature that you couldn't do without it? Stealing someone's computer and password and doing things with that?
