Many of our most valuable assets are now online (banking, backups, social media, etc). Losing control of these means weeks of work to rectify the situation.
Most internet users often forget that their security is only as good as the weakest link and in most cases the weakest link is email. If a hacker gains access to your primary email account, they can then go through you emails, figure out what services you use and request a password reset from those services (which will most often send the reset link to your email account).
I recently received a frantic call from an old colleague who had her GMAIL account taken over by hackers. Within minutes, they had reset password to many of her most important sites (including her bank, online stock broker, twitter, Facebook, smugmug private photo album, etc). She was devastated and recovering all of her accounts took months.
How could she have protected herself? She could have avoided all of this if she had simply enabled 2 factor authentication for her email service.