
It's not the ultimate platform. Arguably, it's not even a very good platform. What it is, however, is the best platform we currently have.

The idea of using email for password exchanges is fraught with difficulty, and not only because there are a lot of terrible email providers that don't even support STARTTLS on their mail servers. Net-savvy people have fought a war to have HTTPS implemented across the web. Can you imagine how hard it's going to be to get people to fight for implementation of security they can't even see? Ask your nearest non-technically minded friend if he knows if his email is encrypted in transit, and then ask him if his bank website is.

Someone elsewhere in the thread mentioned they'd only just started using key-based SSH login, and how it seemed to them the best thing since sliced bread. Extend that a little further with keyphrase-protected keys and ssh-agent/pageant/whatever Macs use, and you have a much, much better platform than "emailing a temporary password." The problem I see with implementing something like that is getting it off the ground.



Whether we like it or not, email or its successor is bound to be the natural authentication platform. Something is happening here, I'd pay attention.



