What exactly is your point here? That certificates are worthless and shouldn't be used? (They aren't) That they are overused? (possibly). What's the alternative here anyways? two factor auth? I mean, I'm trying hard to find value in your post, but I'm not getting a lot of good points out of it. People misuse certs for sure, but that doesn't mean that as an authentication mechanism that they are useless.