by jlam 6654 days ago
As a website owner, OpenID nets your site security. Most people reuse the same small set of usernames and passwords. A not-so-small number of sites store cleartext passwords; they can even mail it back to you. Regardless of how well you execute security, a breach at any of these sites compromises security across many user accounts across many sites.

Several weeks ago a Web 2.0 company launched a Gmail backup app that asked for addresses and passwords, which at least 1777 unwitting folks provided. In addition to backing up Gmail as expected, the app also socked away the address and password combo. When the scheme was exposed, the company said debugging code inadvertently made it to production. http://codinghorror.com/blog/archives/001072.html

I can see scenarios where the government may be the least of our worries. Much more likely are significant others' jealous exes who are also system administrators, and other real or potential enemies. The sooner we move away from passwords and other shared-secret systems, the safer we'll be.
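The comment's point about cleartext storage plus password reuse, shown as an added example (not part of the original post or of any site it mentions): two constructed credential stores, one keeping the cleartext password and one keeping a salted PBKDF2 hash, and a check of what a leaked record from the first site is worth against a second site where the same password was reused. The site names and users are assumptions made up for the demonstration.

```python
import base64
import hashlib
import hmac
import os

# Constructed storage schemes for two hypothetical sites; no real accounts involved.

def store_cleartext(password: str) -> dict:
    """Site A: stores the password as-is (the practice the comment warns about)."""
    return {"password": password}


def verify_cleartext(record: dict, password: str) -> bool:
    """Site A login check; constant-time comparison to avoid timing leaks."""
    return hmac.compare_digest(record["password"], password)


def store_hashed(password: str, iterations: int = 200_000) -> dict:
    """Site B: stores only a per-user random salt and a PBKDF2-HMAC-SHA256 digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {
        "salt": base64.b64encode(salt).decode("ascii"),
        "iterations": iterations,
        "hash": base64.b64encode(digest).decode("ascii"),
    }


def verify_hashed(record: dict, password: str) -> bool:
    """Site B login check: recompute the digest with the stored salt and compare."""
    salt = base64.b64decode(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, record["iterations"])
    return hmac.compare_digest(digest, base64.b64decode(record["hash"]))


def breach_replay(leaked_record: dict, other_site_record: dict) -> bool:
    """Model the cross-site impact of a breach.

    Given one user's record leaked from some site and the same user's record at a
    second site (which uses salted hashing), return True if the leaked record by
    itself logs the user in at the second site. A cleartext record does so directly;
    a hashed record does not (the attacker would first have to guess the password).
    """
    if "password" in leaked_record:
        return verify_hashed(other_site_record, leaked_record["password"])
    return False


if __name__ == "__main__":
    reused = "correct horse battery staple"  # constructed reused password
    site_a_cleartext = store_cleartext(reused)
    site_a_hashed = store_hashed(reused)
    site_b = store_hashed(reused)
    print("leak of cleartext record unlocks site B:", breach_replay(site_a_cleartext, site_b))
    print("leak of hashed record unlocks site B:", breach_replay(site_a_hashed, site_b))
```

The hashed record is not a free pass either: a leaked salt and digest can still be attacked offline by guessing candidate passwords, so the iteration count and password strength still matter. The example only shows the difference the comment draws: a cleartext store turns one site's breach into a working credential everywhere the password was reused.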