Uploaded image
I'm sick to the teeth dealing with passwords. Even Soundcloud's OAuth implementation with my Google identity is messed up (clean cookies or make a new identity).
New capabilities often come by combining technologies. Perhaps we can think about passwords differently as capability tokens and generate them via smart contacts?
A smart contract is a computer protocol intended to facilitate, verify, or enforce the negotiation or performance of a contract. Smart contracts were first proposed by Nick Szabo in 1996 page 
ToDo - we've spoke during Wednesday's Wiki HOA about a wiki plug-in. I cant see how we can secure systems even with Millers best work w/o addressing user passwords. Perhaps a post-password capability token plug is an idea we can discuss based-on Splash 2017.