I think that the future for secure login could well be Mozilla Persona.
My only concern is that, like Open ID, & Oauth; it will not be targeted at the very people who:
need it the most,
are most likely to build an insecure site,
and who are actively looking for a login solution.
None of the three (Open ID, 0auth, Persona) show up in search results for
secure login script
secure login system
Yet the results pages are awash with login script tutorials.... many of which are well out of date, referring to now discredited/replaced standards.
And even if any of them were top notch..... read this and weep:
Anybody thinking of writing a login script from a web tutorial, really needs to read it.
But if there is no decisive effort to get Persona into the search results; sadly the vast majority of new site devs will continue in that same manner.
I joined the Persona community, and have raised this issue, along with my concern that the script offerings could be better packaged to help the less experienced site devs etc.
The community posts are displayed publicly.
Here are the points I raise and the ideas offered:
Perhaps you'll agree with some of my points, or none.
This is a community based project that could benefit every one of us, so have a look and check out their site:
In January, I'm going to start trying to integrate their scripts to enable Persona on my site.
We will see how easy it is then.