[mkjones]

For online accounts (including email), you're much more likely to get phished than have someone brute-force your password. While keylogging malware is an issue, it's generally less prevalent than successful phishing attacks. There's also the threat of compromised password databases from unrelated web sites (see http://twitter.com/lulzsec) being leaked, and if you share the same credentials, that can affect your email account as well.

2-factor auth gives you a considerable security advantage over "a strong and unique password" and not logging in from untrusted devices - I'd recommend you try it.

(I work at facebook, and we offer a similar thing called "login approvals" - go to "security" under https://www.facebook.com/editaccount.php to turn it on).