I say letting you reset your password with your phone would be the smartest move to make with this.
If someone breached your account, (like spetch says), they would most likely have access to your email.
What's to stop them from changing the email on your account and wreaking havoc? I've seen that happen sooo many times.
It should be optional, and it should only be used for things regarding resetting your password or signing in from a foreign location triggers it. Not every time you sign in.
When I say foreign location, I don't mean everytime your IP changes, just an IP outside of your IP range. Like if you're from USA, you wouldn't want someone from Korea to login to your account.
Having mobile authentication on your account just for suspicious logins and possible master password reset (in the event you're hacked and they have changed your email).
This post was edited by benjani on Dec 17 2013 02:47am