It will get to the point that we need biometric scanners or implanted RFID chips with private keys to do authentication, since brute forcing even unrememberable passwords will be trivial eventually.
Why? There are plenty of ways to make brute force hard or damn near impossible, it's just a little harder to implement. It has been discussed a lot of times here at HN and other places.
Also, do you really think that storing private keys on RFID would be a wise choice? I would put that in the "stupid as fuck"-category, just above storing your keys on a USB-stick, as they are both easy to copy and duplicate, and with RFID I could do it remotely.
A real solution to all of these problems would be for people to stop reusing passwords. You don't really need the account passwords when you basically have access to all the data there anyway.
That's the problem, though. If people didn't reuse passwords, if people didn't use words and personal information in passwords and if people had no problem changing them every day then a lot of problems with security would be solved. But those are not realistic expectations, and blaming users for not being computers does not solve the problem.
Slow hash function certainly help, but I think we also need something that goes beyond straightforward cryptography to address authentication issues. Something that redefines the rules of the game to be more human-friendly and less computer-friendly.
But then again, I never even heard the question being phrase this way: what do we want from "program-less" authentication and what we can use to achieve it.
