I agree with people that you should avoid making things a hassle for your customers. At the same time, certain customers (especially any larger, stricter companies that you may or may not get) may wish to have additional security measures in place.
You could meet your clients in the middle. Have a mix of the standard: SSL certificate, password strength hints etc but then offer 2 factor to those that want to enable in the clients portal. Those that want it, have it. Those that would have stopped buying from you simply don't have to enable it.
@1wayhosting - Google uses Geo detection when you sign in to any Google service and will act according to how a profile is set up. In some cases it will just send an alert to the backup email account informing them a login to place, the general location an device. But if set to do so, it can actually block the login until you provide additional verification (SMS, secret q answer etc).