I agree with most of your comments, and have implemented many of them - although it is not possible to de-install Java as several key sites we use for ordering goods have Java based shops.
The Google 2 factor authentication assumes that you have a mobile phone and that you have it with you. Good, most of the people I know, who don't have a mobile phone also don't know that you can log into Google in the first place...
But I usually leave the mobile phone sitting in the kitchen, when I am at home, as there is no/limited reception in the cellar, where my home office is. That means, that I would have to run up stairs, every time I want to log in. Also, if I am out and about, without the phone, it makes it hard as well - yes, we don't all carry our phones everywhere with us.
Secondly, I still use Firefox, because I find NoScript is indispensible, as well as an SSL enforcer. I've tried a few JavaScript blockers in Chrome, but none are as effective or configurable as NoScript.
The best of ZDNet, delivered
ZDNet Newsletters
Get the best of ZDNet delivered straight to your inbox
