I honestly don't understand a lot of the comments in here. For starters, many websites (eg Twitter) require email confirmation for new signups and password resets. This is not so different, the UX related commentary is superficial at best. After the initial activation / a reset you're back to cookie based auth, just like most sites.
Second, there is not a single mention of the biggest problem with passwords currently: the apparent inability of many sites to store them securely. I'll take this method of authentication over a password based one any day for probably 90% of the sites I have an account with currently. Especially sites like HN (not implying insecure password storage on HN - just saying for any forum based sites, it's more than adequate IMHO).
Second, there is not a single mention of the biggest problem with passwords currently: the apparent inability of many sites to store them securely. I'll take this method of authentication over a password based one any day for probably 90% of the sites I have an account with currently. Especially sites like HN (not implying insecure password storage on HN - just saying for any forum based sites, it's more than adequate IMHO).