The only sure thing about usernames and passwords is that they are not only totally unsafe and unworkable in practice, they are also anything but Lean! They can be solid in theory, but in practice they are anything but!
An unwritten secret of any company or any individual is that a lot of usernames and passwords are written on Post-it notes or stored digitally somewhere on a computer.
Unfortunately for users, every software product and company thinks it is coming up with the most foolproof system of user authentication. They all make it convoluted and painful for the end user. With usernames and passwords for everything, such as your office computer, PC at home, office-related websites, personal websites, banks, retirement account financial websites, etc., everybody has tens of usernames and passwords. Many of these systems use different security restrictions and requirements for safety, resulting in a lot of confusion in the minds of users. Users cannot help but write them all down somewhere or store them digitally on a computer system. Who can remember all these usernames and passwords when you have so many?
As if this were not enough, different organizations waste everybody’s time and energy by requiring these passwords to be changed periodically. Of course, users forget their new passwords and then have to waste time either talking to someone on the phone or by email, or figuring it out with a “Forgot password” link on a website somewhere.
What a waste of human effort and time, when the safety can be achieved in other ways that are simpler for everyone to remember and use!
This is where single sign-on has Lean benefits for the user as well as the organization. Single sign-on regimes like the ones from Microsoft and OpenID can be very beneficial. You can even enforce changing the password periodically, as long as it is a couple of passwords and not the tens of usernames and passwords as before.
Social networking sites like Facebook now allow their username and password to be used by many, many businesses and content websites.
Finally, the online world of user authentication has caught up with the pain of people and organizations!