What if you don't have your smartphone handy? When you set up the security on your account, you can choose not to use two-step verification again on that particular computer. From then on, the computer only asks for your password when you sign in. So if somebody who knows your password tries to sign in on another computer, they won't succeed because they won't get the text message with the authentication code.
It's not foolproof, but requiring a password and a separate authentication code makes it more difficult for unauthorized parties to access your account. You should also, of course, protect your phone with a code, password or fingerprint.
There's no reason to panic about password security. Most online hacks occur at the server level, where security is out of the user's hands, but it's still a good idea to be careful.
Sign up for CIO Asia eNewsletters.