Well, I am asking myself - why don't they put 5 layers of security, or 10, why stop at just two? Five layers of security will make things really more secure. The problem is - I'll lose half an hour just to log in to my mailbox /in which there's nothing interesting to anybody but me/ every time I want to check my new bunch of spam. And sometimes I need to check like 10+ times a day for work-related messages, so making the login procedure more cumbersome really gets in my way.
I'm always astonished that relatively mundane services like Google and Facebook have two-factor authentication, but none of my financial institutions implement it. Moreover, one of my banks doesn't even allow special characters in their password field, much less 2nd-factor authentication.
2FA can be a chore, but it's worth it. I really like the direction that modern two-factor companies like Toopher are going. I enabled them on my LastPass account and I dig it.
It feels like we have a bit of a chicken-and-egg problem where users don't know about two-factor and those who do know about it, don't like it. But, without a market--without user demand--companies are not motivated to offer improved services. As pepe2907 implies above, people want improved security without the hassle.