There exists a rather elegant alternative to passwords for authenticating a user's identity - it's been around for a while but the user barrier is too high: FOAF+SSL.
The idea is you generate an X.509 cert and install it in your browser(s). You then stick the pubkey in a section of your own publicly hosted FOAF file (hosted by yourself or by an FOAF hosting service) - then when you "visit" a site that requires you to authenticate all you have to do is give it the location of your FOAF file, the browser will prompt you to select which cert you have installed that you want to use. (there are cool things you can do with remembering a user too)
This solution is elegant in two ways - no password entry, it uses a cryptographically secure certificate for authorization (much more secure than a password hash), the application in question can also pull/cache YOUR FOAF DATA (name, address, alias, whatever you have in there) so you NEVER HAVE TO FILL OUT A PROFILE FORM AGAIN.
That's effing cool, man. Why don't we see it? Because it's easier to use Facebook Connect and get the same stuff nowadays than it is to try and educate internet users on A) what is a FOAF file? and B) where/how do you generate it and host it when Facebook basically has all of that already (I know, one is personally owned, the other is owned by Facebook but we can't always control the ebb and flow of internet mass consciousness even if something is "more elegant" or "stupidly better").
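
The server-side check the comment describes, as an added example that is not part of the original comment: after the TLS handshake has proven the visitor holds the certificate's private key, the site accepts the claimed FOAF URL only if that exact public key is published in the profile. The profile text, the short key values and the function names are constructed for illustration; the example assumes RSA keys published with the W3C `cert:` vocabulary, and a real deployment would take the key from the handshake and parse the profile with an RDF library rather than a regular expression.

```python
import re

# Constructed sample profile (Turtle); toy-sized moduli, not real keys.
PROFILE = '''
@prefix foaf: <http://xmlns.com/foaf/0.1/> .
@prefix cert: <http://www.w3.org/ns/auth/cert#> .
@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .

<https://alice.example/foaf#me> a foaf:Person ;
    foaf:name "Alice Example" ;
    cert:key [ a cert:RSAPublicKey ;
        cert:modulus "00C3 A1 5f9d"^^xsd:hexBinary ;
        cert:exponent 65537 ] ,
      [ a cert:RSAPublicKey ;
        cert:modulus "9b44e0117a"^^xsd:hexBinary ;
        cert:exponent 3 ] .
'''

# Matches one published key: hex modulus followed by its decimal exponent.
KEY_RE = re.compile(
    r'cert:modulus\s+"([0-9A-Fa-f\s:]+)"(?:\^\^xsd:hexBinary)?'
    r'\s*;\s*cert:exponent\s+(\d+)')

def profile_keys(turtle):
    """Return every (modulus, exponent) pair published in the profile."""
    keys = set()
    for mod_hex, exp in KEY_RE.findall(turtle):
        digits = re.sub(r'[\s:]', '', mod_hex)  # tolerate spacing and colons
        if digits:
            keys.add((int(digits, 16), int(exp)))
    return keys

def authenticate(cert_modulus, cert_exponent, turtle):
    """Accept only if the certificate's exact key appears in the profile.

    Comparing integers ignores hex case and leading zeros. An empty or
    unparsable profile yields no keys, so the check fails closed.
    """
    return (cert_modulus, cert_exponent) in profile_keys(turtle)

def profile_name(turtle):
    """Pull the foaf:name the site could use to pre-fill a profile."""
    m = re.search(r'foaf:name\s+"([^"]*)"', turtle)
    return m.group(1) if m else None
```

The profile has to be fetched over HTTPS from the URL the visitor supplied, since whoever controls that document controls which keys are accepted for the identity.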