I've seen posts where the authenticator code is essentially stolen as you use it to log in.
You don't actually log in, but then they have a valid code for 30 seconds or so.

Still, a hack/virus/whatever that steals your code in real time, screws over an authenticator or no authenticator.
A more simple key logger, only screws over the no authenticator.

Although I agree, not clicking the suspicious links or visiting warez, hackz, porn, etc, will prevent the hacks too.
It helps to have your B.Net email not used for anything else, anywhere.