[bonestamp2]

Yes, what we need is a good proof of identity system -- that's all username/password are trying to achieve. There are several systems out there, including some standards. I guess it's kind of a chicken/egg situation where few logins support it because few people have it and few people have it because few logins support it.

[paulryanrogers]

Passwordless systems are shitty in all kinds of ways: difficult for users to understand, must have multiple hardware tokens, rely on 3P (who likely needs a password anyway), lock in to one vendor, difficult to recover from lost device, sometimes uses derived values--putting all past and future values at risk.

They'll have an answer for every critique, but they're usually weak responses that assume tech literate users.