Is two-factor authentication worth the potential headache?