When you sign to your online accounts through a passworded login system, even a two-factor system, the problem with that process is you are, from that point forward, trusted to be who you say you are. But if you nip out for lunch or put your phone down somewhere or someone swipes your laptop at the cafe, the system has no way of knowing that the person on your keyboard isn’t you anymore. This is a BIG deal, especially at high value hacking targets like Fortune 500 companies, banks, brokerages, intelligence services, military, health records, etc etc.
