I firstly must say I use a long and complex password so I don't have serious account concerns, but I wanted to test 2FA nevertheless.
I have realised I am now more worried about losing my phone and locking myself out of my account, than I was about being hacked!
I never considered the need for "app passwords" for "always connected" programs (WP, Skype, etc.) however it does seem like a good fix. They seem a bit weak but...no special characters or caps???
The question at hand...how does 2FA work with windows 8!? I mean, I log into my surface with my regular password - no need for the authenticator! What gives? As I said, I'm not really worried...but curious nonetheless.
edit: it seems 2FA doesn't play nicely at all with windows 8. word is now asking me to log in. is this solution to make this a trusted device? (a trusted MOBILE device? seems a bit dubious...)