Calling it an "application specific password" is actually a misnomer. WE create the app-labels. For all practical purposes it's a backdoor entry into your account.
So, I'd say for absolute 2FA, you must give up Chrome browser profiles, device mail sync (till Google comes up with a compatible client) and Google Talk/any Jabber client. I don't care about Chrome browser profiles but I need/want my Android phone to have full connectivity viz. push mail and gtalk access to my account. I could always keep a separate browser window on the PC with my gmail signed in and IM notifications enabled for my third point.
Overall, I feel losing my Android connectivity is not worth the 2FA.
So, I'd say for absolute 2FA, you must give up Chrome browser profiles, device mail sync (till Google comes up with a compatible client) and Google Talk/any Jabber client. I don't care about Chrome browser profiles but I need/want my Android phone to have full connectivity viz. push mail and gtalk access to my account. I could always keep a separate browser window on the PC with my gmail signed in and IM notifications enabled for my third point.
Overall, I feel losing my Android connectivity is not worth the 2FA.