
Myth: Right, but what happens in the very common scenario of my Android phone-- logged into Google with the Authenticator installed-- getting lost / stolen? Surely then 2-factor auth is basically useless?

(insert your answer below)




Reality: You go into Google account security and choose 'Clear the phone info and printable codes' and 'Forget all other trusted computers. Require a verification code the next time I log in from any other computer'.


I think the answer is that you can print out one-time codes on paper and put them into your wallet.

I would also recommend putting an unlock pattern on your phone to protect in case your phone is stolen.


I just set up 2-factor auth

1) You still need to enter your password every time you log in.

2) You can add backup phones that can be called/texted with the verification codes

3) You can print out back-up codes that will always work (once)

4) If your phone is stolen and is using an application-specific password, you can revoke that password for that application.


What are you trying to protect against in this case?

If your phone gets stolen and it's logged in to your google mail without a lockscreen pin/code, then yeah - the thief can read your mail, 2fa won't help. They can also run your Authenticator app and see the current 6 digit number, but that's not useful without the password as well.

(I'm not sure how easy it is to extract the Google password from an Android or iPhone - I wonder if you can just switch them to non-TLS POP3 or IMAP and have them send a cleartext password over an unencrypted wifi connection?)


If the phone is rooted (as is the case with mine) then an attacker could change the list of trusted Certificate Authorities on the phone and then perform a MITM attack to get any passwords being passed over the air.

However, I think google services use XMPP if I'm not mistaken. In which case the password is never actually transmitted over the air. XMPP uses Digest access authentication[1]. Short version: the server would first send a challenge to the client. The client hashes the challenge with a hash of the password and returns the result. The server performs the same operation and compares. So even with a MITM you'd get nothing. Furthermore, the client itself would never need to store the password either.

[1] http://en.wikipedia.org/wiki/Digest_access_authentication
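The challenge/response described in that comment, as an added example that is not from the thread: HTTP Digest per the linked RFC 2617 scheme (no qop), with both the client and the server side, a stored password hash instead of the password, and rejection of a replayed response. All credentials and the nonce handling are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed sample values, not from the thread.
USERNAME, REALM, PASSWORD = "alice", "mail.example", "correct horse"
METHOD, URI = "GET", "/inbox"


def md5hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def ha1(username: str, realm: str, password: str) -> str:
    # The server stores only this hash; the password itself is never kept.
    return md5hex(f"{username}:{realm}:{password}")


def client_response(h1: str, nonce: str, method: str, uri: str) -> str:
    # RFC 2617 without qop: response = MD5(HA1 ":" nonce ":" HA2).
    # Only this digest crosses the wire, never the password.
    ha2 = md5hex(f"{method}:{uri}")
    return md5hex(f"{h1}:{nonce}:{ha2}")


class DigestServer:
    def __init__(self) -> None:
        self.users = {USERNAME: ha1(USERNAME, REALM, PASSWORD)}
        self.outstanding = set()  # nonces issued but not yet consumed

    def challenge(self) -> str:
        nonce = os.urandom(16).hex()
        self.outstanding.add(nonce)
        return nonce

    def verify(self, username, nonce, method, uri, response) -> bool:
        if nonce not in self.outstanding:
            return False  # unknown or already-used nonce: a replayed capture fails here
        self.outstanding.discard(nonce)
        h1 = self.users.get(username)
        if h1 is None:
            return False
        # The server recomputes the same digest and compares in constant time.
        return hmac.compare_digest(client_response(h1, nonce, method, uri), response)


def exchange(password: str, replay: bool = False):
    """Run one challenge/response; optionally replay the captured response."""
    server = DigestServer()
    nonce = server.challenge()
    captured = client_response(ha1(USERNAME, REALM, password), nonce, METHOD, URI)
    first = server.verify(USERNAME, nonce, METHOD, URI, captured)
    second = server.verify(USERNAME, nonce, METHOD, URI, captured) if replay else None
    return first, second
```

A captured response is still an MD5 of a guessable password plus known values, so an eavesdropper can test password guesses offline against it; TLS on the connection, not the digest alone, is what keeps that capture from happening.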


If you have two-factor auth enabled, your Android phone stores an app-specific password -- even if extracted, it wouldn't be terribly useful (assuming you revoke it).


You should be using POP or IMAP only on your phone so that you can revoke permission after it is stolen (when you log in to your account from a desktop and use a backup key from the printout). If you are logged in to your main Google account on your phone you are asking for trouble. While I will be sympathetic after it gets stolen and someone ruins your life, I won't be surprised.


If you're logged into your Google account from your Android, it's roughly the same amount of control as an IMAP account would give.

They can wreak havoc, but they cannot change your password and steal your account.



