While those are all suggestions that open up good things, I'd like to suggest that you take a minute to think about those from an attacker's perspective. Most of what you suggest comes at a significant cost. Paying that cost might be on balance correct. But there's definitely a security/user-trust cost to implementing these suggestions.