>> Passwords are obsolete because of email and SMS. Specifically, the ability to send an email or SMS to users reliably and quickly.<p>>> The basic idea is that instead of using a password to authenticate each user, a temporary secret code is sent to them over a secure channel. Email or SMS is that (mostly) secure channel.<p>Email is not secure and trivial to spoof. Most users use a password to authenticate their email account. Unless you have a private key system in place, how do you get access to your email so you don't need passwords? (bootstrapping problem)<p>SMS is not secure. SMS-jacking is a serious problem that has been used to commit fraud and take over user accounts. Do not use SMS as a form of multi-factor authentication.<p>More factors are better, not less. Ideally, something you have (a token), something you know (a password or PIN), and something you are (biometrics). Defense in depth is effective, so use it.