Two Factor is NOT smoke and mirrors, albeit, by phone/sms it possibly is.
But you have Airbitz/Edge, BitID, etc that need no password and are designed for blockchain/decentralised and regular logins. We already see its use with Bitshares/OpenLedger as a password-less login method impossible to directly hack.