In a thread on the Guild Relations Forum, Karamoone of Dark Iron expresses a view on the Blizzard Authenticator that I've often seen espoused by various "power users" or highly technical people:
I don't get malware on my PC, and if I did I'd look at blocking the infection vector (to prevent things like my credit card number and SSN from getting snagged) rather than just slapping on a band-aid to protect access to one video game. If I played on insecure PCs I'd get one in a heartbeat, but I only play on one PC. I'll probably set up the phone number authenticator, since it doesn't involve any additional annoyance in my normal style of play, but that doesn't count for the 'require authenticator' ranks in a guild.
This authenticator madness seems to me to be driven by a bunch of people with really unsafe computing habits who pick up malware routinely, but don't want to believe they're being incautious so choose to believe that everyone has a parade of keyloggers on their systems.
But really, I think if you're going analogize to home security, it really makes more sense to analogize the house to a computer than to a single video game, since the house has multiple valuable things in it and isn't used just for the one game. The game account is better represented as a collection of RPG character sheets or a single board game. So really, getting the authenticator is like getting a safe to store the paper character sheets for your RPG characters while leaving your credit cards, emergency cash, SSN card, and title documents out in the open on your desk, and the attitude some people are expressing is like not worrying about a break-in because they couldn't get to your character sheets.
I think this attitude is somewhat hubristic. I've never been hacked or had a virus, and I try my best to keep my computer secure. But I'm only human, and I can make mistakes. Maybe some of the hackers are smarter than me, and might outwit me. Maybe one of the people I rely on to help me keep my computer safe will themselves make a mistake and let me down. (And this is the worst, because sometimes I might not realize that they let me down.)
To go back to the analogy, a house has multiple vectors for a break in. They might come through the doors, the windows, maybe even the wall or the roof. I can harden each potential attack vector, but I might make a mistake. Or maybe a new attack that I did not anticipate will appear. Adding the safe to protect my RPG sheets might be good idea if I care that much about them, or if losing them will negatively affect other people.
I looked at the authenticator and decided the trade-off was worth it. It was fairly cheap, and typing in the authenticator code is pretty quick and doesn't add that much more to the login process. Plus, I got a corehound.
Considering an extra layer of security is never to be sneered at.
As well, consider that this layer of security is verifiable. If you are in a partnership with someone else online or at a distance, you can't tell if she follows good computing practices. All you have to go on is her word that she is doing things correctly. An authenticator can be verified, and acts as a guarantee. You hope that your partner is doing everything else correctly, but if it turns out she isn't, at least she had an authenticator which helped protect your interests.
In many ways, your authenticator is not so much about protecting your interests--though it definitely does that--but about signalling to others that their interests will not be attacked through you.