Agreed; I got half way through setting up Google's 2 factor but then was told I had to use it for every login, instead of say when I was logging in from a different IP or doing some big change.
The second factor auth can live in a cookie for 30 days. Since I use the same two computers all the time, I only have to pull out the 2factor authenticator app every couple of weeks. Not a big deal.
I am really, really happy to have 2factor auth for my gmail account. In retrospect, I think it's crazy I hadn't set it up before.
You don't actually have to use it on every login. There's an option to remember a computer for 30 days. I have this option ticked in a single browser on my main laptop, and I input the verification key for everything else. Not a pain at all and definitely worth the added security.
If you use more than one browser per machine, you need to reauthenticate for each one, which multiplies the inconvenience. Also the need to generate passwords for apps that don't use 2 factor authentication (IMAP, IM clients).
Although, I still think it's worth the added effort.
If you feel your machine is well-secured and your passwords are properly encrypted, you might want to set up a device-specific password for yout machine, with limited access somewhat as suggested in the top post. Then you'll only need two factors to access your account settings.
The downside, like I pointed out in another comment [1], is that even with (hypothetical) read-only access to your email account, a malicious party could arguably steal your accounts elsewhere on the net — that being the main reason why you'd want to have 2-factor authentication whenever possible.
But the trading the 2-factor auth for Google's disposable, device-specific passwords is not at all unreasonable.
30 days, divided by the number of computers you log in on. In my case that could be as much as 7 machines, so I'd expect to need to log in every 4 days or so. Definitely more hassle than desired.
