by julianpye 4144 days ago
Everyone knows the whole email/password concept is broken. I believe that overall OAuth is needed, but it needs a much stronger consumer-facing view.

I'm not sure how OAuth can help. Does it allow you to choose whom to authenticate with, or does it tie you to one specific provider? I much prefer Persona, but Mozilla has abandoned it, and most resources around it are dead links. What a colossal shame.

I'm personally looking forward to something like SQRL.

https://www.grc.com/sqrl/sqrl.htm

That's also a nice protocol, but I think it requires too many extra things (mobile phone, net connection, etc.). Plus, what if your key gets stolen?

It doesn't require a mobile phone. A client on your desktop can handle the authentication.

There's also a mechanism[1] to change your master key should it become compromised. Looks like a huge drawback is that it requires you to store an offline "Identity Unlock Key" somewhere.

[1] https://www.grc.com/sqrl/idlock.htm

A well-implemented OAuth implementation is wonderful. Sadly, many implementations are just crappy.

What's worse than crappy implementations is that every provider has their own version of implementation-specific crappiness that is inconsistent with everyone else's.