I've been using google two-factor auth for the better part of a year now, and the annoyance comes down to, once every 30 days or so, having to take 5 extra seconds during login to enter a code sent to my cell phone.
To reduce the risk of inconvenience, Google should really put an indicator on gmail that tells how many days left until the next authentication and allows you to renew the lease early to avoid having to pull out your phone at random. I only hope I don’t get kicked out of gmail at the most inconvenient times.
Google has actually made it even less of a hassle by instead trusting a computer forever instead of having the session last 30 days [1]. This can be seen two ways though: less of a hassle for the user, and less secure. I wonder why Google doesn't give the option for the session lasting 30 days or forever.
You don't have as many computers as I do, or as long a password as I do, I suspect. Having to type a random long passphrase with special characters on the weird keyboards of multiple devices every month was a pain. Even worse, for devices I infrequently use, I ended up basically having to do this every single time I wanted to use the device.
dropbox plus either passphrase brute force (or guessing), or one of (keylogger, compelled disclosure, shoulder surfing, ...) + dropbox.
I consider the 1Password file sensitive enough that it shouldn't be online, especially not with dropbox. I'd prefer if there were physical protection for it somehow, too (like a smartcard or FIPS module, which wouldn't allow bulk-export normally, and which might impose other rules on use like 5 passwords per hour when outside my home network, etc.) Same way you handle high-security private keys.
(Ultimately I'm not going to be happy until I have a trusted tablet of some kind, but building that either requires being Apple or waiting for WP8 hardware to come out and investing about $5mm in some serious security upgrades. Maybe worthwhile, though, since it solves the general problem of trusting client devices.)
Now sure if PasswordSafe allows using key file, as sbov mentioned above for Keepass, but if it's properly implemented, and you didn't put the key file into Dropbox, it would be pretty much impossible to brute force.
I like to use keepass with a long, memorable password and key file that I need to manually copy across machines.
So even if they get my password database and my password they don't have the key file. And if they can get the key file, they could have gotten the password database anyways.
Until you really need to check your email for something urgent and of course then the code will take some time to be received by your phone, your phone will be out of battery, etc
I can't _think_ of anything less of a hassle.