People pick predictable passwords. Thanks to compromises of large sets of random passwords, we know far more about how to predict passwords than we ever did in the past. That means that, given a new password database, we can crack more passwords with a shorter search.
But it gets worse. A long time ago, people interacted with very few systems with very few passwords needed. Today people interact with many systems, and most still use very few passwords. (Yes, I know all of the ways to make more passwords feasible. The fact is that people don't do that.) Therefore if you target a low security system, you frequently get access to much more worthwhile accounts on another system entirely.
Because of both problems (particularly the second), passwords alone are not sufficient for anything that actually needs reasonable security.
The only threat to safety will be the human element as btilly suggested.
I know at least two websites that ask for a username, a password, and they also give a capcha. I have some websites that won't let Chrome save my password.
Really, I want a hardware thing with a long secure passphrase, that has all my other usernames and passwords (12 character alpha numeric with upper and lower case) in it, that confirms my identity to all these different websites. (Can I do this with Yubikey? or anything else?)
Similar project without the hardware is mozilla's persona, which is an open standard
if im not wrong and it is better than signin using fb or gmail,
as it wont be sharing any user data with website.
What the world needs is a future proof de-facto way of two factor (or more) authentication.
We don't really know what the future tech will be like. Most changes are evolutionary, but who knows, maybe tomorrow we'll have a quantum CPU with a trillion times more computational power.
Solving 1024-bit key in SHA (or sth) will take as much as 512-bit key using a comparable traditional computer. So it's still hard, and will always be.
That's a pretty bold claim, considering we're just beginning to understand quantum phenomena. Plus you have zero clue about what else awaits us in the future.
(We do not know everything about that class, yet. But we strongly suspect that it is neither a superset nor a subset of NP.)
Anyway for my statement I was only interested deterministic polynomial time (perhaps with access to randomness) with or without quantum capabilities.
"Why Philosophers Should Care About Computational Complexity" (http://arxiv.org/abs/1108.1791v3) is a good read about this---amongst other things.
So I guess if you meant subset, then you didn't mean to write "quantum ___non-deterministic___ Turing machine in P-time"?
Of course, we are human.