Because there are not better alternatives? Unless you'd like to trust some company with biometric details about yourself. But biometrics aren't notably better than passwords anyway.
And in answer to your question, yes. Everyone is supposed to become an authority on choosing strong passwords. I fail to see why this is unreasonable.
> Everyone is supposed to become an authority on choosing strong passwords. I fail to see why this is unreasonable.
People have been saying this for decades, that users should get with it and learn how to create passwords like "as723HASD-23", to change it every month, to use a different one for each system, to never write it down, and so on and so on.
And for decades users haven't been doing this.
So. Are we to blame the rest of the universe for not doing what we tell it? Or decide for ourselves that This doesn't work and we as programmers must think of something else?
If none of the alternatives appeal to you, think up a new one and get some YC funding going :-)
The point is that there are no alternatives. This isn't a design problem that as programmers we can fix. There are plenty of existing security systems that fit the bill. It's a human problem.
For example, one technical fix is a widely deployed public key authentication system. It would take a company as large as Google to force people to adopt it, however. Plus operating systems would have to start shipping the software to make the average user understand it. Private key creation would need to be integrated into the create user process of Windows and Mac OS X. That's not realistic because there is little profit for the companies involved.
How many non-technical people are actually using OpenID? (For that matter, how many _technical_ people are using it?) Actually using it, not having some OpenID thing that they don't know about...