I think this one feature would cut down a lot of theft and if your wallet required it even if a hacker got your wallet they still need your 2 factor device to use it. It might save a lot of lost coins.
-
http://thejeshgn.com/2012/06/11/pyg2fa-python-library-google-authenticator-with-web-app/One time passwords (OTP) are useful for protecting against replay attacks, such as what might occur on a compromised system that has a malware keylogger.
But to support this, the Bitcoin.org client would need to know the key. If that key were stored on the filesystem or in the database it would need to be stored unencrypted. So if the attacker has access to the database then the attacker has access to the key. If the key weren't stored, and instead the user were prompted for the key, that would be something vulnerable to a replay attack. So you really don't get much benefit from adding OTP to the Bitcoin.org client.
Now, a Yubikey can still be useful with the Bitcoin.org client though. Although this has nothing to do with two-factor authentication, I see the Yubikey also supports a static password capability. So if I understand Yubikey's documentation correctly, you could use the Yubikey in this static password mode when using the BItcoin.org client's wallet encryption. You simply have Yubikey provide the passphrase used to encrypt the keys and then use the Yubikey each time the client asks for the passphrase (e.g., to add a new address or to send a payment). I see the Yubikey support dual mode capability meaning you can use it for both a TOTP purpose and for a static password purpose as well. I don't know if the Yubikey's from Mt. Gox still have this capability as those are modified Yubikeys.
