I think Blizzard is missing the boat here in terms of what account security can be. The 3 possible categories of access control involve something you have (a key or authenticator), something you know (a user/pass) or something you are (fingerprint, eye scan, voiceprint). Having 1 of the 3 is lease secure but most convenient, having multiple of each is most secure but least convenient.

Right now, without the authenticator, they ask for 1. With the authenticator they ask for 2, which is of course better. But is having the authenticator for the second choice really the best thing to do? Secure it is. Convenient, not as much. And the possibility of losing an authenticator can be a nightmare. What's more, if you play in different places (different locations or on a laptop in different places) you are forced to physically take the authenticator around everywhere you go, increasing the chance of loss or even theft by someone familiar with you. Lost and stolen authenticators put an account out of commission for a while, and also cost Blizzard extra support time.

I think Blizzard should look at allowing other methods of account security besides just authenticators, and then let users have a choice between several.