If your email is hacked, you don't necessarily even know your email is hacked. With traditional username/password authentication, an attacker has to reset passwords to leverage email, and you have a very god shot at noticing a password somewhere changed. Under this scheme it is much harder to notice "you are screwed," as you put it. The attacker gets to decide WHEN you find out about the compromise.
And yes it's possible to figure out which sites I visit from my Gmail, and yes it's possible to lose your job AND forget your password all at once, but these issues are made exponentially worse by the "email a login token every time" scheme outlined in the article.
And yes it's possible to figure out which sites I visit from my Gmail, and yes it's possible to lose your job AND forget your password all at once, but these issues are made exponentially worse by the "email a login token every time" scheme outlined in the article.