While I'd appreciate two factor - I'd really want it either a) with a good remember me function as per google's gmail or b) only at the point of purchase.
I login too often to be confronted by 'enter this value from sms/authenticator' every single time.
However, due to PCI compliance - I'm pretty sure a) couldn't be done without also doing b) anyway.