With today’s technology the last step in user authentication is placing a cookie on the client computer, and data from that cookie is transferred with every page load and AJAX request. A skilled hacker can sniff out the cookie and use it to take over the user session. After that all the passwords are use less.
I feel like for Web 3.0 there should be better and cheep way to be able to authenticate an user and store authentication token. It is too expensive for most people to get a SSL certificate, and even more don’t have access to the resources to host an secure website.