[brent_noorda]

I don't think any security mechanism works if you walk away from your computer and leave the programs running (exception something that relies on a NFC on your wrist). For this reason I don't think your scenarious makes this scheme any less secure than what is use on standard sites. Maybe it's even more secure since even if they get access briefly, they cannot learn your password (since you don't have one), and so they cannot later log back on from a different computer.

[Ryoku]

It was just an example. My point is, by relaying all entrance control to an email, you are giving it master password access. The only thing you are doing is relaying the security issues to wherever that email is hosted; most of the times, a free and third party service over which you have no control. No, it is not more secure to keep your car, home and security box keys together.

You are not increasing security, whatsoever. You are setting all the security in an email service, which we already know are not the most secure services at this moment.

May be, such login can be applied inside a company's network, where you have control over the security of the servers, certificates, network encryption, etc.

Now if you think about it from a social engineering perspective. It is much easier to get access to a single email account than to every account you own. And about persistence of access... There's this thing called email forwarder. If I get access to your email, I would create a forwarder for all the email you receive to one I control; chances are you won't notice it in a long time.