User and password verification with two-factor authentication isn't as easy to use as plain old user and password, but with smartphones it comes very, very close. At the same time, the security benefits from having another secret stored on a different terminal are massive. Users' accounts aren't necessarily compromised if their passwords are.

In my mind, two-factor authentication is one of the least tedious things you can add that adds the most security to user accounts.

"But it's a pain to add to your application, right?"

No! Just take a look at main() in this example that uses only the Python standard library