The lesson of the Target payment card breach is that we’ll never stop such attacks without an effective second factor, and that’s going to be a tough sell.