Everyone should still have two step verification in place on all of their emails.
I've had two step on my Gmail account for quite a while. It's a great security feature. The only problem I've had with it which was my fault is the time I flashed my phone and forgot to turn off 2 Step on my accounts.
What a PITA that was. Luckily I had backup codes in a true crypt volume that I knew the password too.
I have two step on my primary Gmail, Lastpass, Dropbox, Dreamhost, CMS Commander, and Digital Point (not sure why DP, I rarely login).
Lastpass recently started supporting
Transakt which I'd never heard of. I trust Lastpass though and they put it into the fold it must be good. So, I tried it out. It's neat. Basicly on login you get a notification on your phone to accept or approve login, no copying of codes needed. Transakt still has codes for backup purposes but it's a whole lot easier just to hit accept rather than remember a 6 digit code.