Facebook's breach raises questions about Single Sign On systems, but if the web embraced Estonia's model of hardware cryptographic identities instead of treating two factor as an anti-phishing feature and socials saw our data as being as valuable as we do, we could finally have a secure web.