It's not normal, it was something someone thought up then everyone copied. Like switching peoples codename for email addresse on logins. Unless they get your email access then they knows all your stuff because of schemes like these.

It's better than nothing, and many things have SPF(single points of failure).

Why do you get so many emails? I use adblock plus and sometimes do not get two factor auth, even when I login and logout.

In terms of convenience, it's not that big of a deal. But, using email as the means of authenticating is rather foolish. Email accounts are regularly broken into when crackers want to access various accounts. Real 2FA should permit something along the lines of a key-fob or google authenticator as one of the options.
It is, but being kicked in the shin is more pleasant than being kicked in the nards.

Given that the 21st century allows for fobs like the Yubikey and OTP like ones available via Google Authenticator, this less secure, more annoying method seems like it shouldn't be the sole 2nd factor available to us.
I've got proper 2FA on all my email accounts, but it would still be better if the 2nd factor here wasn't sent unencrypted over the internet.

You mean great, excuse me, GREAT.
Edit: Why open a thread if you don't plan to post after people have responded to your rant... :/

2FA protection is a must but the email validation is way behind the times. I just wish they supported Google auth like nearly any other gaming platform.

I can see how this may get outrage.

I suspect that as the other poster suggests, that there would be outrage. But, there are other robust systems that make use of fobs as well. My domain name provider allows me to use a fob, or a text or an email, IIRC. I use a Yubikey because it's much more secure than those two options, but I'm sure the other options are generally fine, provided you're not dealing with somebody who can sniff every email coming from them in real time.

It doesn't specifically have to be Google auth, (as the underlying system is open source), but anything even resembling it that could be keyed into an authenticator of choosing would be great.

My email required an approval click on my phone to access, so it's not that easy. But yes an app would be better.

Some dislike and won't use anything by google.
Are fobs those tiny devices you plug into a system? If so those can break or fail as well.

That's why services generally give you an OTP sheet as backup. Also, the services I use allow you to link more than one FOB, so the likelihood of being locked out as a result of not having the fob is rather low, provided you take reasonable care.
I used to do that, it's pretty good security, but not always the most convenient to have to have your phone nearby. But, yeah, chaining the 2FA to the email and having the email also use 2FA greatly reduces the likelihood of somebody breaking in. Most of the time when people break into those accounts via the email, they're taking advantage of weak passwords and security questions.

Somebody actually intercepting the 2FA email within the time period and using it is rather unlikely. Although, I suppose, technically possible.