At some point I'm starting to see the appeal of completely abandoning passwords in favour of email or SMS-based token creation.
You attempt a login, they send an out-of-band request for confirmation. You do the confirm, and they let you in. Like a superfast streamlined version of the "reset password" email.
The existing two-factor auth basically does this, without the requirement of SMS, internet, or any connectivity really in general. The OTP tokens are based on time or a counter, and a secret key.