I agree and would love to see this as an option on sites where full blown 2-auth validation isn't required.

I wouldn't use this feature on every site but there are some sites I use infrequently enough that virtually every time I use them I have to do an email based password reset anyway, which is often implemented in a way that makes it a very clumsy version of this system anyway (since following the reset link often gives you a valid login cookie).