Re: This will never be fixed?
The accepted wisdom is that security is hard, and just once in a while wisdom is accepted because it is true rather than simply because it is easy. The problem is that in general you want to offer people the simplest thing that can possibly work, but that either relies on human factors (such as users being able to choose a good password, which is tricky because users are humans) or mechanical factors (such as locking an account to a single machine with a specific certificate on it, which becomes problematic when the user loses access to the exact mechanical configuration they were using or needs to access the service from another system or location).
There are good ideas around, but it doesn't seem as though anybody has really got to the heart of this problem yet, and a lot of very smart people on the usability and security sides have been working on it for a long time.