>>If your OS is compromised, then you're already fucked.
>
> There's a nuance here, right. In my opinion, however much I hate banks, I
> think over the last few years they have got this right. 2FA is a solution
> to the OS compromise issue, BUT it doesn't work if the second factor is on
> the same machine,

2FA for non-trivial quantities seems nice. I like the idea of using
two-out-of-three signatures. Does it make sense to keep one private key in
the laptop, one in the mobile phone and one in a safe? The user creates
and signs the transaction using the laptop, then this information is
transmitted using one or more QR-codes to the mobile phone. The mobile
phone adds a second signature and broadcasts the transaction with the two
signatures.

Now the attacker has to compromise two devices to get access to the funds ...

Cheers!
Jaume