by rsanek 699 days ago
Surely it won't hurt. At minimum, it makes the attacker's job much harder -- their window to exploit becomes max 30 seconds instead of however long you don't change your password.
1 comments

Tools like evilginx proxy the traffic, then grab the auth token / cookie after a successful login. From there you can send the session tokens to something like necrobrowser to automatically do whatever you want with the account. The whole hack can happen in seconds.
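
The distinction the reply draws, as an added example that is not part of either comment: a 30-second TOTP code stops verifying once its time step has passed, but the session token issued at login stays valid for the session lifetime. The `Service` class, the password, the secret and the 8-hour `SESSION_TTL` are constructed assumptions for illustration.

```python
import hashlib, hmac, secrets, struct

STEP = 30               # TOTP time step in seconds (RFC 6238 default)
SESSION_TTL = 8 * 3600  # assumed session lifetime; real services vary

def totp(secret: bytes, now: float, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `now`."""
    counter = struct.pack(">Q", int(now) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Service:
    """Hypothetical login service: password + TOTP in, bearer token out."""
    def __init__(self, password: str, secret: bytes):
        self.password, self.secret = password, secret
        self.sessions = {}  # token -> expiry timestamp

    def login(self, password: str, code: str, now: float):
        # Simplification: only the current step is accepted (many servers
        # also accept the adjacent steps to tolerate clock drift).
        ok = (hmac.compare_digest(password, self.password)
              and hmac.compare_digest(code, totp(self.secret, now)))
        if not ok:
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = now + SESSION_TTL
        return token

    def authorized(self, token: str, now: float) -> bool:
        # The token is a bearer credential: no second factor is re-checked.
        return self.sessions.get(token, 0) > now

def demo() -> dict:
    secret = b"constructed-demo-secret"  # constructed sample value
    svc = Service("constructed-password", secret)
    t0 = 1_700_000_010                   # constructed login time
    code = totp(secret, t0)
    token = svc.login("constructed-password", code, t0)
    later = t0 + 3600                    # one hour after login
    return {
        "code_replay_after_window":
            svc.login("constructed-password", code, later) is not None,
        "token_valid_after_window": svc.authorized(token, later),
    }

if __name__ == "__main__":
    print(demo())
```

In this model the exposure after a successful login is bounded by `SESSION_TTL`, not by `STEP`.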