Friday, July 15, 2011

A real attempt to supplant passwords as a human ID technology

As a tool for humans to identify themselves to networks, the password is a technology that no longer serves its original purpose.

Mozilla is trying to do something about it.

Mozilla Proposes to Sign-in Only with the Email Address, No User ID or Password Required (InfoQ)
Mozilla wants to simplify the authentication process when connecting to websites by using just an email address without the need to enter an ID or a password. The new authentication solution is called BrowserID. An email address is verified only once in the beginning by the email provider or an authentication authority through the mechanism of their choice – hardware, biometric, encrypted keys, or, for example, by sending an email to the user’s inbox, the user clicks on a link, and the user is thus authenticated as the owner of the respective email address.
If you're of a technical bent, read the whole thing because there's more to it than just the quote above would indicate.

If, however, Mozilla doesn't also offer an email service that does not rely on a password for user authentication, there's still a problem as the proposed solution simply makes the email account password (or the not-so-awesome password reset question and answer regime) the magic key to everything. This may or may not be an improvement on the status quo. I guess it's up to the individual to say.

The need would still exist for a new kind of product, an "identity bank" to provide the half of the equation Mozilla envisions email services supplying. In the system Mozilla envisions, some enterprising sort should offer a paid email service that harnesses biometrics and human customer support in user verification. Combined with Mozilla's proposal, that might actually work.

Humans and Passwords to divorce, cite Irreconcilable Differences
It's still too early to write that headline but perhaps Mozilla has brought that inevitable day a little closer.