Suppose a traveller lands in another country and tries to check his GMail on the hostel's computer. This trips GMail's security, and requires mobile verification. He doesn't have a SIM card with a local data plan, so he doesn't get the alert and can't verify the request.<p>The beauty of 2-factor auth as currently implemented is it doesn't need network access from your authenticating device to function.