The reason I'm not using 2FA right now is twofold. First, because Google doesn't have half of their services using it for some undefined reason (for at least a year plus!). Also, the whole "app specific password" thing is a huge pain in the ass. (And appears to randomly stop working on say, IMAP mail).
Second, because the mobile authenticator is not feasible for me right now. I do a lot of android development work (well, mostly screwing around, but we'll call it work) on the side, with the result that I'm wiping my phone for romflashes at least once a week. Makes everything going through a mobile app a little useless.
I really wish Google would support a hardware token of some kind.
Yes, can someone explain why Google Chrome doesn't support 2FA on the desktop or iOS? It's bizarre.
(Well, I suppose it's tragically normal. I'm sure there is a corporate directive that says every Google service must support 2FA, but Chrome has an exception so they don't need to do it yet.)
OK, but it should be asking your for an authenticator code instead. It uses this bizarre "normal password + app specific password" requirement that isn't used anywhere else.
Your data is encrypted with the normal password, so it needs it to decrypt the sync data. The App-specific password is used to log in to the server to GET the sync data in the first place.
I don't think your information is up to date. I have definitely been asked for a verification code when logging into Chrome 22. And yes, I mean the kind of code generated by the Google Authenticator app, not an app specific password.
Second, because the mobile authenticator is not feasible for me right now. I do a lot of android development work (well, mostly screwing around, but we'll call it work) on the side, with the result that I'm wiping my phone for romflashes at least once a week. Makes everything going through a mobile app a little useless.
I really wish Google would support a hardware token of some kind.