
The problem with not having passwords is that it usually requires an authority to distribute keys (and not retain the initialization parameters for that key, cough RSA cough). And that could potentially require a third party having access to information a lot of people don't want. Or trusting the government to generate them -- which opens up another can of worms.

Things like OAuth and/or federated login still rely on a password at some level.

Pick your poison (personally, I wouldn't mind using an RSA Soft Token type technology with federated access requiring token + pin, but that's just me).


