This article from the BBC states:
The number of passwords and logins web users need makes it inevitable they will re-use phrases, warned the International Telecommunications Union.
Re-using these identifiers puts people at serious risk of falling victim to identity theft, said the ITU report.
It called on regulators and businesses to find better ways for people to identify themselves to websites.
This just re-iterates what I’ve said before: “Time is ripe for distributed authentication.”
OpenID already exists, is fairly well proven to avoid these problems and has support in several programming languages and content management systems. The only barrier to overcome is getting joe internet user to understand how it works and how it benefits them.
But whatever you do, please don’t leave it up to regulators.