Security is only as good as the people who use it. Genuinely strong passwords won't get broken very often, but as long as there are ways to circumvent the password field, multifactor is still useful. And, of course, depending on your background, your idea of a strong password may not actually be very strong. [url= This is usually the point where someone links to the xkcd strip about bit entropy, or mentions their credentials as a CEH or CISSP or something, but what I really mean is whether or not your preferred passphrase is decomposable into parts easily found on a good rainbow table. And it's entirely out of your hands if the password you use is stored in an unsalted hash in a database that happily rolls over when it sees bad SQL or something. ][/url]None of the additional security is really necessary; it can be very helpful, though, and might be required by policy.