Chapin Information Services recently tested password management features in web browsers. The conclusion seems to be that none were very good, as the results table is littered with "failed" tests.
First-factor security, in the form of passwords, continues to be a threat worldwide (e.g. phishing, man in the middle, simple used passwords and a host of other vulnerabilities). CIS's results show that there is little reason to rely on the locked-down browser to provide a competent level of security. This is further evidence of a market need for a second factor and beyond. The question is: can you provide an extra layer of security without being intrusive, and deliver it at low cost?
Thinking out loud, what if a user could rely upon their keyboard biometric to validate them, like PGP once did for the distribution of their public key? It would be great to be able to save a bio-key and upload it to a site. The site would provide a means for each user to prove ownership of their bio-key, with a 48-hour delay and safeguards in place to ensure the bio-key is legitimate. That way, when the user revisits Amazon or eBay, for example, they could type in their password and be validated.