Unfortunately this entire thread is populated by tech savvy people who have a daily and perhaps hourly and more frequent relationship with their keyboard and screen.
The issue of username and password is not really about those of us in the tech world and who have a minute by minute interface with all sorts of resources and assets. The issue of security is compromised amongst the majority of non-tech savvy users who see Security as a pain in the backside. Our duty therefore is to create a schema which works for their ( and our) better "user experience" but which overall solves the problem of "how do we keep the bad guys out ?" Yet the answer must accommodate Martin-73 above who clearly doesn't care and why should he !
Therefore we need to eliminate the username / password model and implement an identity certification capability which is easier to use, easy to implement and ....is more secure.
Believe it or not, worked out in the correct manner, observing some of the commentary in David Birch's book "Identity is the New Money" we can put in place a secure access model which everyone can use and everyone will benefit from. But it must happen fast. R
Biting the hand that feeds IT
