At the RSA conference, Bill Gates called, again, for an end to passwords and vendors hawked all kinds of gadgets to make that a reality. An article at c|net examines why passwords are still popular. My own summary of why passwords continue to be the authentication solution of choice is simple: they're good enough.
This is a reason that Bill Gates ought to understand. He's made billions selling products that were good enough, even as many recognized that they had significant faults and there were other solutions that were better. Passwords cause no end of grief, but in the end, most users find them a good tradeoff between security and inconvenience. The lesson for CIOs: spend money making your password system effective (from a security standpoint) and efficient (from a help desk standpoint) and you'll probably end up where you need to be.