Hacker News
by syllablehq 1040 days ago
I understand where you're coming from, and if you really want to have a username and password - yes, you should be let in. You should always be able to manually authenticate if you really want to. But I'm arguing that it's time to automate and hide that process from the user experience. (Multi-factor auth is another topic... let's put that aside for now.)

But the reality is that memorizable passwords simply do not scale in any world where we have to authenticate with so many services. It's time to shift paradigms. When you take a step back, it's clear that we're trying to shim a new password keeper system into an old password input field paradigm, and it makes no sense and it's holding us back.

Agreed that no one should be forcing a proprietary authenticator service on anyone. On the contrary, to avoid that, we need an open standard that is cross-compatible between proprietary services.

The open standard should make it easy for any browser, password keeper, multi-factor auth system, etc. to speak the same language and "just work" instead of hacking around with auto-filling password input fields for no reason. We're so stuck in an old way of thinking that we can't see that the password input field is vestigial and is only making everyone's experience worse.