As a bonus, you can also use it for when logging in over ssh with password http://askubuntu.com/questions/159727/how-can-i-use-a-passco...
Anything can be hacked but it's a really solid system, even against a targeted attack and motivated attacker.
I'm aware of one incident (the Cloudflare hack), but that seemed to be more a vulnerability in the password reset functionality than the authentication mechanism.
SMS verification is less than ideal, though.
I know I have a printed sheet of one-time codes, but I think if an attacker compromises the phone number on my account, I'm screwed.
Other than stealing the phone, that is.