
As hard as remembering different passwords for different sites is for the end user, I really think it's about time the user took a step toward meeting security and engineers in the middle.

Did 20th-century humans think key rings were too complicated? Why are we implementing tokenization, one-way hashing, etc. when the end customer can do this much more securely? Oh yeah, we'd like to get at their data when they're not around...




Exactly. But sadly you're in a tiny minority of people thinking about the security implications. Most developers don't, which is why we're having countless OAuth exploits and whatnot.

Schneier wrote a long time ago that anything too complex cannot ever be secure. That's the case with OAuth and with many federated/unique/single sign-on logins.



