We consider the problem of secure identification: user $\U$ shall "prove" to server $\S$ that he knows the agreed-upon password $w$; this proof should be done in a way that gives away no information on $w$ to a dishonest participant (besides what is unavoidable). We propose a solution in the bounded-quantum-storage model, where $\U$ and $\S$ may exchange qubits, and a dishonest party is assumed to have limited quantum memory. No other restriction is posed upon the adversary, and we show that some restriction is necessary. An improved version of the proposed identification scheme is also secure against a man-in-the-middle attack, but requires $\U$ and $\S$ to additionally share a high-entropy key $k$. The reliance on $k$ is weak though: security is still guaranteed if one party loses $k$ to the attacker but notices the loss. In both versions of the scheme, the honest participants need no quantum memory at all, and noise and imperfect quantum sources can be tolerated. The password $w$ may be non-uniform and with low entropy, and in every execution of the scheme, the attacker can exclude at most one possibility for $w$, which is unavoidable. The schemes compose sequentially, and $w$ and $k$ can be re-used an unbounded number of times, even if the scheme is under attack. A small modification to the (improved) identification scheme results in a quantum-key-distribution (QKD) scheme, secure in the bounded-quantum-storage model, with the same re-usability properties of the keys, and without assuming authenticated channels. This is in sharp contrast to known QKD schemes (which do not pose a restriction on the adversary's memory) without authenticated channels, where authentication keys need to be updated, and unsuccessful executions make the parties run out of keys.