I think federated identity is the way to go. Technically that's what we have now, ie every identity provider I'm aware of lets you reset your password via email, which is federated.
But we tried federated and users didn't care. They want convenience. Maybe with privacy apparently picking up some public interest, we can try again.
> every identity provider I'm aware of lets you reset your password via email, which is federated
I'm not sure I understand what you're getting out. Federated identity is far more than self-service password reset. And as far as convenience goes, how many places do you use your google/github/facebook/linkedIn/twitter credentials to log into a third party? How convenient is that? That's identity federation. The problem is that those companies own your identity profile and use it for their purposes, not yours.
But we tried federated and users didn't care. They want convenience. Maybe with privacy apparently picking up some public interest, we can try again.