No, it's time to kill passwords. If I need to log in, send me two links and/or temporary auth codes: a persistent login clearly labeled, and a transient login for use in public places. If you're a serious site (banks, utilities, etc), use two-factor auth, don't accept anything less and of course, don't persist my login.<p>Alternatively, I keep hoping to see user-controlled federated ID gaining traction - you know, a personal 'wallet' that I maintain myself and store all of my identity in. And when you want to know who I am, you contact my server and it tells if if I approve it. I'd happily take this extra step every time. However, I've realized that this will never happen - too many people don't care, and no major tech companies are willing to push it for fear for backlash.<p>While I'm wandering further off-subject (but still reasonably tangential): dear people who make marketing email systems, please stop requiring me to log in when I follow your unsubscribe link. One might begin to expect that you add this extra stumbling block to make it harder for me to do what I want - and that's certainly no way to get my business. Every time I get an email from you, I'm reminded that I don't want to be receiving them.<p>I suppose it's possible that someone has hijacked my email credentials and that they may be fraudulently unsubscribing me. But that's a risk I'm willing to take. You - you hypothetical marketer you - should be too, unless you're a bank. A pissed off customer is not one who will do business with you no matter how many mailings you send.<p>edit: typos and correctness