[DaCapoo]

I agree.

"Another good practice is just to ask for passwords less often. If you’re signing in every day from the same computer in your basement, you’ll notice that Google hardly ever asks you to prove who you are."

I'm not sure if he's referring to Google asking for a second form of authentication when you log in from an unknown location (such as sending you a text message with a random number in it, which is unrelated to entering your actual account password) or if he doesn't understand state management with cookies. You obviously won't be asked to reenter your password if the session cookie has been set in your browser and you have a valid session on the server.