So far, with Google Authenticator, I have secured:
Google Apps account
Gandi (domain registrar)
Amazon Web Services (only AWS - you can't secure an Amazon website account)
I also have a Battle.net authenticator for my Blizzard account, and the PhoneFactor app for Office 365 (note: Office 365 uses the "PhoneFactor" app, not Google Authenticator/Microsoft Authenticator). My twitter account authorises login requests via the twitter app on my phone as well.
LinkedIn uses SMS codes for 2 factor (no other option available) and Cloudflare uses Authy (which sucks).
According to he BDFL, apparently you can also use Google Authenticator/Microsoft Authenticator (they both are compatible with each other) with Dropbox, LastPass, and Hootsuite.
Stuff that I can't get 2 factor on include my Westpac (NZ and AU) bank accounts, my "Kiwi Wealth" Kiwisaver account, and my credit card merchant processing account. Ya know, stuff that involves actual money and quite a bit of it.