Passwords suck. They're often weak and reused, making them one of the least secure parts of web applications. This is such a problem that entire industries of password managers and two-factor authentication products have popped up as extra layers of security. To really address this issue and make our users and products more secure, we need a more fundamental change.
The problem with passwords
Past attempts to fix this (and their issues)
Better approaches (and their implementations)
Putting it all together
Pros and cons