[mwww]

Web services should be relying on passwords because that is a simple means of authentication that users already know and it keeps the services independent from a central identity provider. As we all know passwords alone can't protect us anymore though, so web services need to give their users an option to secure their accounts with a second factor. Thus in a few years I think that two-factor authentication is going to be a standard way of protecting our online accounts.

[kiiski]

What would that second factor be?

[mwww]

The device that you use to sign in could be a second factor. That's how Rublon works: the mobile app allows you to manage your Trusted Devices. Check out a demo at http://www.pagechimp.com/.

[ams6110]

Typically something like a yubi key, a smartphone app, or even a code sent via SMS to a phone, or verbally to a voice phone.

[kiiski]

I really hope no one is going to try to force me to carry a phone around all the time (I only have one with me when I'm expecting a call or planning to call someone myself). Those yubi keys look interesting, but it's still an extra piece of hardware that has to be bought and carried around (and not lost).

[rmc]

Ubuntu forums has subforums for all over the world. Your phone/SMS thing needs to work for every country.