My profile fits the pattern of a person that travels a bit and has two homes. Perhaps not so a typical for this community?
Consequently, I have more than one computer. So the 2nd factor convenience feature of using a token/cookie to tag my browser/machine is of limited value. When I change computers/locations I have to go thru 2nd factor all over again. Now being a security guy.. I clear out the cookies at browser close as well to keep the mischief down to a minimum, which is a pretty good practice if you know all the potential nasties that can be exploring around.
If Marriott is going to use this tech for a population of people who travel (and likely have more than one computer they use) why not support multiple devices (2 or 3 would probably do the trick)? Or perhaps question the effectiveness of 2nd factor for this community?
Living a day in the life of your customers always help bring perspective to how to leverage Technology.