Let me preface this with the following disclaimer: You should try to build this device, it will be a great learning experience.
Okay so it sounds like you want a separate device, lets call it the "Auth-Box". The Auth-Box is a computer that has some sort of master password (it could be your password + a biometric + anything else). Once you enter your master password the Auth-Box handles all other further authentication for you.
Login to TS, Auth-Box!
Login to your email account, Auth-Box!
This all happens via some sort of protocol, Auth-Box makes a connection to your computer, tells your computer the correct password (could be an insanely long randomly generated password because hurray you already authenticated into the Auth-Box).
This is stupid.
Why is this stupid? Attack vectors / attack surface. Auth-Box get's compromised, uh oh, ALL your passwords are now compromised. But wait, explorer-guy, isn't that the same security risk as using two-factor authentication with your phone? YES it is astute observer, which is why it's stupid (the advantage of using your phone is that it does not know about your passwords, your solution all your passwords are in one spot, in plaintext, this is naughty). The device is storing plaintext passwords and sending plaintext passwords over a protocol. Now you have to prove to me that this is more robust than https. Because if its equally robust or less, security has been compromised.
In fact, even if this magic protocol that is sending password from Auth-Box to your computer is 99.999% failsafe, security has STILL been compromised. Why? Because math! Yeah let's do math! Your password, no matter what, still has to fly over HTTPS, let's say that the odds of HTTPS being cracked, exploited, or failing are one in ten thousand (i.e. it is 99.99% reliable). Now, using our magic new protocol we have TWO networking protocols that have to execute, our new, super duper strong one (99.999% percent) and good ole' HTTPS (99.99%, remember, these are made up numbers but the point is still valid).
So what is our total risk of exploitation?? Why it's the probability of HTTPS failure multiplied by probability of new-magic-protocol failure. Which, if you open up your calculator application is 99.98%. LIKE ZOINKS SCOOB.
So no matter how super duper secure you've made your Auth-Box-to-Computer protocol, because the password has to fly over a wire (or wifi) twice, your chance of failure/compromise as increased.
But this isn't the whole story brah, because Auth-Box shore's up a whole other set of security problems, namely the weakest part of ANY authentication system - the human using it. Now instead of 10 passwords, the user remembers only one + their fingerprint (or however you want to handle initial auth).
So does that make this idea not stupid? Well, no, because any Auth-Box system like this will have a much better adoption rate, and ease-of-use if you use a device that the user ALREADY has with them (their phone, their fingerprint, etc).
So will your idea make the world safer? No. Will you learn a shit ton from it and could it set you on the path to making the world more secure? Definitely. Please don't be discouraged, I just wanted to explain misconceptions about "adding" layers to security, you are always better off shoring up or removing your weakest link, not adding more strong links.