The whole point would be to move off of shared secrets, so data breached from one company's DB wouldn't be usable to impersonate the victims elsewhere. The idea is to abandon the idea that any data (which ever leaves the consumers's hands) is private or needs to be protected to prevent ID theft.

We have the technology, i.e. certificates, signatures, smart cards, identity federation like SAML.