Two-Factor Authentication

I am a strong proponent of two-factor authentication, but the worrying thing is the way it's being advertised or pushed as a holy grail of security. The weakest link is still the person using the service/device, and if they continue to use weak passwords then it just becomes a matter of losing your token device or mobile. When enabling two-factor authentication, users must still be advised to set up secure passwords of at least 10 digits in length containing Alp