2-step authentication (2sa) is helpful exactly when the NSA - or more likely someone else - has access to your password. /re +Shawn Willden
What many people do not realise is that, from the NSA's perspective, different flavors of 2sa require different effort. For application-based 2sa, all the NSA needs to do is demand the master keys and algorithm from Google, like they did with Lavabit. I doubt investors will allow Google to shut down in protest, like Lavabit did: http://www.wired.com/threatlevel/2013/10/lavabit_unsealed/ - and we do not know that this has not happened already, as Google would be gagged anyway.
On the other hand, to gain direct access when 2sa involves an SMS or a call, they will need to coordinate interception of the connection on another network, which is extra friction - both legally and technologically. From that perspective, not using a 2sa application is better.
The important question, though: does it matter when it comes to the NSA? I do not think it does. For a target of Google's nature there are more likely to be Prism-like direct access entry points for the NSA, to which user-facing auth does not apply. So the NSA specifically would very likely not even bother with breaking into the 2sa chain.
Application-, SMS-, or voice-based 2sa are all effective enough in almost any other scenario, as long as Google's core systems are not compromised. And if they are - all bets are off anyway. As they are with the NSA, anyway.
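
Why the server-side keys matter for application-based 2sa, as an added example that is not part of the original post: it assumes the authenticator app implements standard TOTP (RFC 6238 over RFC 4226 HOTP), which the post does not name. The scheme is symmetric, so the copy of the secret stored by the service is sufficient on its own to compute every valid code; the secret below is the RFC test value and `server_verify` is a hypothetical helper.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over an 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP where the counter is the current 30-second time step."""
    return hotp(secret, unix_time // step, digits)

def server_verify(stored_secret: bytes, submitted: str, unix_time: int,
                  window: int = 1) -> bool:
    """Hypothetical server-side check: recompute the code from the stored
    secret, tolerating +/- `window` time steps of clock drift."""
    counter = unix_time // 30
    return any(
        hmac.compare_digest(hotp(stored_secret, counter + drift), submitted)
        for drift in range(-window, window + 1)
    )

if __name__ == "__main__":
    # Constructed sample: the RFC 4226/6238 test secret, not a real key.
    enrolled_secret = b"12345678901234567890"
    phone_copy = enrolled_secret    # held by the authenticator app
    server_copy = enrolled_secret   # held by the service, byte for byte

    now = 59
    code = totp(phone_copy, now)
    print("code from phone copy :", code)
    print("code from server copy:", totp(server_copy, now))
    print("server accepts       :", server_verify(server_copy, code, now))
```

Because verification is a recomputation from the stored secret, how the service protects that secret at rest is part of the second factor's trust boundary.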