You have a secret that can ruin your life. It’s not usually a well-kept secret. The article Kill the Password: Why a String of Characters Can’t Protect Us Anymore says it is just a simple string of characters—maybe six of them if you’re careless, 16 if you’re cautious—that can reveal everything about you: Your email. Your bank account. Your address and credit card number. Photos of your kids. The precise location where you’re sitting right now.
No matter how complex, no matter how unique, your passwords can no longer protect you. And the way we daisy-chain accounts (our email address doubling as a universal username) creates a single point of failure that can be exploited with devastating results.
Access to our data can no longer hinge on a secret word. The age of the password is over. Look around. Leaks and dumps are now regular occurrences. Everyone is a few clicks away from knowing everything.
We just haven’t realized it yet. And no one has figured out what will take its place.
There have been several options on trial, but none of them has become widely used and easy enough to use. For example, smart cards for authentication fall short because not all computers have smart card readers (and because of problems related to reader software). For SSH connections I have tried to use SSH keys and certificates instead of passwords where I can, but that is not practical everywhere. And many web services offer no way to authenticate other than the old-fashioned username and password.
In the short term I expect that you will see more and more two-factor or multi-factor authentication schemes in use, where the password is one factor and other factors add to the security. Combining two or more factors increases security considerably (none of the factors needs to be 100% secure for this to work well).