I'm not sure this settles all the security concerns raised in this thread, but https://certifi.ca/ is a really neat thing.

You get a client-side SSL certificate for your browser, and certifi.ca securely identifies you using that. There is no password.

The OpenIDs it provides are still http://, not https://, though, so it seems vulnerable to certifi.ca's DNS being hijacked. I wonder why that is; maybe most OpenID consumers out there don't understand HTTPS? If the OpenIDs were https://certifi.ca/username, then would this not be totally secure?