Don't focus too much on the current case. It's not only Apple's fault; it's also Amazon's and, as the author freely admits, his as well. Plenty of blame to go around, and plenty of failure points as well. What I'm suggesting isn't a way to fix all of those failure points. I wasn't trying to fix any of that. In fact, about the only thing about what I'm talking about that would apply is that Apple probably wouldn't have been involved or able to screw up this badly, because they wouldn't be doing the authentication.

That's neither here nor there, though. The problem is simply a problem with passwords. They aren't safe anymore, mostly due to human nature/psychology, but also partly due to the connected nature of the internet, where passwords are stolen so easily now. The answer thus far has been a "single sign-on" answer (OAuth), but I think that's actually just putting us at more risk. If we are going to have a single sign-on, ensuring that authentication mechanism is secured is more important than ever, and that's what two-factor authentication does.

As far as "drinking the Kool-Aid" and putting all of your data in the cloud is concerned... that's missing the point. I have control over what data I put there, and whom I trust it with. However, if we're relying on a single sign-on solution to the problem of password management (and with many services now, and more in the future, you have no choice there), there's too much bleed-over. Sites/services I trust with some data can now compromise other data that I didn't entrust them with. So unless you're going to take the stance of putting no data at all in the cloud (yeah, right), there is reason to want a more secure and user-friendly solution.