Google Apps, Apple IDs, Yahoo… All of these large scale online services have two-factor authentication. I have to admit, I haven't taken advantage of this so far but I seriously intend to get around to it. It makes your account exponentially more secure.
However, lots of smaller apps are not getting around to making this feature. I don't see two-factor auth being a problem for users if you make it optional. Understandably, some people won't trust a company asking for your phone number, which is a common 2nd-factor along with a password.
Is it too difficult then? Too difficult to build this feature? Not if you read this sweet new tutorial by Roberto Miranda
: Effortless Two-Factor Authentication in Rails
He builds this feature 'effortlessly' with the help of the new ActiveModel::Otp gem. Otp stands for One-Time-Password, a key component of two-factor auth. The library also works with Google Authenticator iPhone and Android app. And it also makes it dead simple to use QR codes with the authentication process, which is demoed in the article.
Like any flashy Ruby program, the code snippets in this tutorial do a ton of stuff with only 3 or 4 lines of code. Well done Ruby. I guess you can go bake a cake with all that time you've saved