Remember last year's well-publicized leak, which exposed some celebrities' nude photos? The story not only made some individuals' day (and probably night), it turned to be a very educating precedent. For instance, it made many people realize that their pet's name is not the safest password, and two-factor authentication is not meant exclusively for IT geeks, but for any Swarovski-adorned iPhone owner as well. However, 2FA in iCloud, as well as in Gmail, Facebook and many other web services, is optional. Thus the consequences can be devastating, especially if your work at an Internet company. Here's part 1:
Two locks are better
The majority of people think of two-factor authentication as of the system sending one-time passwords in text messages. Well, it's the most prominent method of 2FA for web services, yet it's by far not the only one.
In general, 2FA is like a door with two padlocks. One of them is the traditional login-password combination, and the second could be anything else. Moreover, if two padlocks are not enough, you might employ as many as you like, but it would make the process of opening the door much longer, so it's good to start with at least two.
Passwords sent via SMS are a comprehensible and relatively reliable way of authenticating, which is not always handy. If you don't have coverage (which is frequently the case when you travel), that means no password for you. You might lose your phone, after all, and being unable to leverage other means of communication in a situation like that is even more frustrating. To cover you in such cases, many web services like Facebook and Google, offer other options. For example, they offer a list of one-time keys which you can preemptively compile, print out and store somewhere safe.
Moreover, 2FA with one-time codes delivered via SMS might be enabled not at all times but only when someone logs in from an unknown device. So, unless you are logging in from a new device every day, SMS-enabled 2FA is not a big deal. Once setup, it works ok.