
In what sense is this passwordless?



A password is something you can remember with just your memory; a hardware token is a physical object you need to have to use (and can be lost).


So does this system not require that I set a password for my account?

Everything I have read about this approach seems to imply that passwords are still used, only perhaps not as often.

For instance, there's this quote from the article:

"Bellovin and others say one potentially tricky scenario in this new passwordless authentication scheme is what happens when someone loses their mobile device, or their phone breaks and they can’t recall their iCloud password."


Yes, of course this protocol can't somehow prevent sites from having a password (as a last-ditch backup, or for any other reason), but it's intended to be used without passwords and, if you choose and have a more capable device, even without usernames.


Well, I hope you're right that passwords are essentially remnants of previous authentication schemes and not something implicitly required by this new scheme.

I could see us ending up in a world where we need a password to access the device on which the key is stored and more passwords for account recovery and access to key backups.



