The person you replied to is pretty much right, the Estonian ID-card has solved 99.99% of authentication and signing problems for its citizens, the support is mandated by law and very widespread. There are a few flaws but those are minor compared to the, softly put, clusterfuck the rest of the world is dealing with.
I'd rather not start compiling a list of password-username database thefts, credential stuffings, identity thefts, forged paper signatures, the time lost to inefficient paper procedures, secrets stolen due to how hard it is to encrypt things etc. etc. etc.
Of course we have to be disciplined, but other things can't even remotely reach the security such a solution provides. Your comment has very FUD-y undertones, raising concern about a very minor thing if you actually look at how much it solves and how much better it is compared to other widespread applications.
I'm extremely enthusiastic about smartcards, even trying to build a startup around making it easier to deploy and build services around smartcard-based authentication and key management. I agree that in terms of overall security they're incomparable to the existing mess. But, fair point--I flubbed attempting to articulate a tangentially related concern.