http://stackoverflow.com/questions/9197484/generating-client-side-certificates-in-browser-and-signing-on-server
implementing this into an authenticator seems straightforward: generate client certs after first login and link them to a user's account. the next time that user visits the website, the browser will automatically pick the right cert to authenticate itself. depending on the browser settings, a confirmation dialog might pop up.
thinking even further, the authenticator could also require the user to enter a password after manually logging out and accessing the site again. in that case i'm assuming that the user doesn't want other people using the same machine to be logged in automatically.
why do we still have to fill out login forms?
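a sketch of the authenticator logic described above, added as an example and not part of the original post: certs are linked to an account by fingerprint after a password login, and a manual logout forces one password entry before the cert is trusted alone again. the class and method names are hypothetical, and it assumes the TLS layer has already verified the presented cert against the site's own CA.

```python
import hashlib, hmac, os

class CertAuthenticator:
    """Maps verified client-cert fingerprints to accounts (hypothetical names)."""
    def __init__(self):
        self.passwords = {}          # user -> (salt, PBKDF2 hash)
        self.cert_owner = {}         # sha256(cert DER) -> user
        self.needs_password = set()  # fingerprints locked by a manual logout

    @staticmethod
    def fingerprint(cert_der: bytes) -> str:
        return hashlib.sha256(cert_der).hexdigest()

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password):
        salt = os.urandom(16)
        self.passwords[user] = (salt, self._hash(password, salt))

    def _check_password(self, user, password):
        salt, expected = self.passwords.get(user, (b"", b""))
        return hmac.compare_digest(self._hash(password, salt), expected)

    def link_cert(self, user, password, cert_der):
        # first login: only a successful password check may bind a cert
        if not self._check_password(user, password):
            return False
        self.cert_owner[self.fingerprint(cert_der)] = user
        return True

    def login(self, cert_der, password=None):
        # cert_der is assumed to come from an already verified TLS handshake
        fp = self.fingerprint(cert_der)
        user = self.cert_owner.get(fp)
        if user is None:
            return None              # unknown cert: fall back to the login form
        if fp in self.needs_password:
            if password is None or not self._check_password(user, password):
                return None          # logged out manually: cert alone is not enough
            self.needs_password.discard(fp)
        return user

    def logout(self, cert_der):
        # manual logout: the next visit with this cert must also give a password
        fp = self.fingerprint(cert_der)
        if fp in self.cert_owner:
            self.needs_password.add(fp)
```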