User names and passwords are inherently weak, low entropy means of authentication. The only reason we tolerate them in an interactive context is because the memory burden on humans to remember them is so heavy. No such burden exists in system-to-system communications.
