Two Factor Authentication (TFA) has been around for quite some time and one gets the idea that it must be important if big names like Apple, Google, Facebook and Twitter are using it. Banks use it to authorize payment transfers and limit changes. While on one hand, it adds another level to the authentication mechanism and slows down the transaction, it definitely makes the possibility of a hacker taking control of a system harder.
While implementing a TFA is not hard, the main issue with implementing a TFA model is recovering the login as the recovery mechanism usually bypasses the TFA model. However inspite of the complexity, I feel that that TFA is a must in cases where a user needs to VPN into the corporate network. While user tokens such as RSA's SecurId have been cracked, bio metrics might be the missing link in setting up a secure and relatively reliable model of TFA.