Authenticators aren’t foolproof either if a company cannot properly secure their login servers or users’ their computers. I remember a couple years ago when someone supposedly found a way to exploit Blizzard’s login servers and a bunch of people with authenticators got their accounts hacked and stripped naked. It was likely just people getting their computers hacked and authenticators stolen, but none the less it was rather humorous to watch unfold from a distance on their forums at the time.
Overall I see bots and account hacking as separate issues. Accounts usually get hacked with the goal of stealing your stuff, turning you into a spam bot is only an afterthought. The bots which are the biggest problem, especially in F2P games where there are no costs involved with Blade And Soul Gold, are accounts created explicitly for running a bot. The worst of which are run by entrepreneurial Americans and Europeans in their local MMOs with contracts to the big RMT sites to sell their stuff and skirt around IP bans. It’s all rather sad.
Both my games of Guild Wars 2 and WildStar have Google Authentication enabled, Guild Wars 2 the first to raise a panic flag for me to enable 2 step verification when I was getting randomly disconnected all of a sudden. Gut feeling told me to change my password and enable 2 step ASAP, the minute I did that no more disconnections.
Two-factor authentication doesn’t really do much to prevent bots, it’s primarily for account security. They often give you perks to reduce the risk of accounts getting hacked, avoiding the time consuming support mess which requires investigations and account rollbacks. People without smartphones often use something like WinAuth, which offers automation capability for code generation and input.