Take Brian's advice, people. The added security is worth it. It may be a bit of a hassle to put the code in every time you log on but it is a tough security mechanism to break. I suggest the SecurID token. It's cheap but even if a few dollars is too much for you at least install the mobile authenticator if your phone can run it.
Valve, if you are reading this, I would really like a SecurID token for my Steam account.