In general, a two-factor auth system must have some state (like a secret key from which one-time codes are derived) embedded in the second authentication device. If you take a traditional password based system and add the same amount of entropy to your password as the second auth device has, you should be just as well off as when you use two-factor auth.
Of course, remembering a super long password is impractical or rather impossible. This is where a password manager comes in handy: it will remember your passwords and often sync them between your machines.
I'll claim that such a setup gives you exactly what people want in two-factor auth: you've prevented people from accessing your account from a new machine after guessing or brute-forcing a normal password.
Is there some flaw I've missed in the above argument?