I wish websites with user accounts would offer the option to "login via email" - as in you'd type in your username (or preferably your email) and maybe a captcha and then you'd login by clicking a link it sends via email afterwards. Ideally having a password associated with the account at all would be optional.
I have a Gmail tab opened just about 100% of the time I'm on the computer, so this would be very convenient for me as an alternative to having to remember passwords for sites that I visit once a month or less (and end up having to get a "password reset" link via email every time I log in anyway), and then I'd only have to keep my Gmail account secure (which I do via 2 factor).
To be honest I was mostly using the comments section for this link as a soapbox, I realize the idea isn't too relevant to this particular case with Dropbox, as no passwords are known to have been revealed. Sorry.
Though, I do think it would often mitigate the damage from this type of security breach that it seems like we've seen so much of from big name tech companies lately. I'd guess that a majority of accounts created on the internet are pretty unimportant to the account creator, and with how often passwords are reused indiscriminately, the worst effect of these password leaks is often not the unauthorized access to all those accounts on the hacked site but rather the usernames and passwords themselves - which are very often reused for bank, email, etc. accounts. With my proposal, anyone who opted not to have a password wouldn't be vulnerable to that.
The trouble with that solution is that email is not an instant protocol. It's usually instant, but SMTP RFCs give mail servers up to 72 hours to deliver before they must send back a delay notification.
We use Google Apps to host our email, and I've seen plenty of occasions where their systems don't deliver mail immediately. This "issue" used to generate a lot of calls when I was doing freelance consulting. "Bob sent me an email over 20 minutes ago and it's still not here." I'd get those calls all the time.
Imagine you're trying to get logged in somewhere and you have to wait an hour or two for an email to show up.
Having your webmail service also act as an OpenID provider would be much simpler. I often login with Gmail (or rather my Google account) on sites that support it.
I have a Gmail tab opened just about 100% of the time I'm on the computer, so this would be very convenient for me as an alternative to having to remember passwords for sites that I visit once a month or less (and end up having to get a "password reset" link via email every time I log in anyway), and then I'd only have to keep my Gmail account secure (which I do via 2 factor).