Reading up on some more information regarding the Heartbleed bug, it seems that two-factor authentication, while helping to reduce vulnerability, is potentially vulnerable to Heartbleed itself, with an attack having the potential to obtain the secret keys that help to generate one-time passwords used in most common two-factor solutions:

The aftermath of the Heartbleed bug is going to stick around for quite a while, it seems. If you're using two-factor authentication on sites like Facebook, Tumblr, or more, I'd highly recommend disabling and re-enabling two-factor authentication, as this will generate a new secret key