A crucial and immovable flaw in many security systems is humans. If people can't get something to work properly, they will find a way to make it work improperly. I find that there are a great many places online that I don't think need passwords. It's just something I don't want to fuck around with for trivial uses. So either I don't go there, or I work around it. The problem comes when people do exactly the same thing with a really, really important system.