• Passwords are and will continue to be a nightmare.

    Worse yet, they are a bit of a catch-22. Steps you take towards making them more secure (different passwords for everything, passwords that are hard to guess) tend to also make them harder to remember. Which of course leads to password tools, passwords on sticky notes, etc etc, making the people the biggest security vulnerability.

    As for the OpenID stuff, which could have helped significantly, there are problems. First, just like having one really good password and using it everywhere, it's a single point of vulnerability. Not quite as bad, as they have a bit more authentication, but still a risk.

    But even worse, with most of those companies you get a lot more than just authentication even if that's all you want. It's not just 'confirm I am who I say I am'. It's also pushing details about you to the site you registered and pulling usage data back.