[stcredzero]

Apple should augment a single sign-in mechanism with a transparent 2nd factor embodied in the iPhone. This would result in your being automatically logged into any participating site while using Safari on the same LAN as your iPhone. The mechanism would fall back to the traditional password if you don't have the phone. Bluetooth could also be used to communicate to the hardware.

The hardware would only run signed Apple firmware and be separated from the CPU and most of the rest of the device, except for access to radios.

[leviathan]

so how does it differentiate between me and my wife, on the same network?

[stcredzero]

In this scheme, you and your wife would have different phones. You might still have to put in your user name to the browser once at the start of the session, or log out your wife.

[drivebyacct2]

Google already does this with Chrome and Google websites.

I don't have to enter my second factor with credential or even my password when using Gmail from my phone, tablet, laptop or desktop.

[natrius]

At this point, I actively seek out Google account login options. It is so incredibly pleasant to use on Android.

[stcredzero]

Yes, but I'm not so sure that's really two-factor authentication.