Neither TOTP (Google Authenticator) or Twitter factor in how easy it is to malware/root Android phones these days. I still prefer Yubikey or other opensource cards until the state of mobile security improves (for ex SEAndroid).
This is something I was thinking as well. I've got a Yubikey, and felt like there is a really good use case for a 'trusted' off phone device. I've pitched it a couple of times and the story gets either diverted into the "You can't solve the 'Identity' problem, it's the security equivalent of the halting problem." rat hole or the "Why would anyone care something around in addition to their phone?"
I explain the phone 'rooting' problem and it isn't perceived as a real issue yet (although perhaps it is getting there). In the mean time I have it on my shelf of "things I could build that at least 10 people I know would buy one of." :-)
