[Strom]

If you use actual strong passwords then you are an outlier. Most people use basic words like "password" as shown by every password dump in history. Indeed, most people would use the very same weak password they use for their e-mail for their mobile, and this would reduce protection against spoofing versus continuing to use the SIM system.

What we need is a SIM-type system on the web as well, not to bring the broken web password system elsewhere.

[Sanddancer]

Client TLS certificates have been a thing since forever, but browser makers keep it a pain in the ass, and too many "modern" software stacks don't even consider leveraging the decades of infrastructure that would make their job easier. Add to the fact that identity aggregators want to be producers, but rarely allow themselves to be consumers and we get stuck in the hell that is identity online.

[another]

Furthermore, any security system that effectively relies on the user possessing more than one computing device (e.g., using your laptop for access to a password manager or email address) fails for the significant and increasing swath of humanity for which their phone is their [first and] only such device.