Why security is not working - and the rest
Incompatible security standards - A former employer insisted that Single Sign On passwords were exactly 8 characters in length because that was the maximum one system could cope with and the minimum for another.
Username/Password proliferation - Every organisation with a web presence feels the need to do its own user authentication, with no standardisation. Some use your email address as a username, some let you pick your own, some assign one to you, tough luck johnsmith6355478! I know there are password vaults available but that's putting all your eggs in one basket and addressing a symptom, not the disease. Most online retailers accept Visa/Mastercard/Amex, could these organisations or others provide an identity authentication service using a single username, secret pin and keyfob passkey generator like the one I use for my work VPN?