Reliably generating good passwords

You're right. We shouldn't use passwords. We should use OpenPGP keys, SSH keys, X509 certificates, tokens and so on, as much as we can. *But* those are only as secure as you can physically protect them. So you encrypt them. So you need a key, so you need a password, and we go back to those damn things.

I don't know of *any* general solution to the password problem right now. No system that I know of completely removes them. It would be great, but at this point we need to be pragmatic and teach people how to *correctly* generate and use passwords...

Even if it's hard.