The invisible login should also work without any seconds device. You just need the self-generated token which identifies the user. I think I described that at step 6.