The FIDO (Fast IDentity Online) Alliance has been working since its founding in 2012 to supplant passwords with what it calls “an open, scalable, interoperable set of mechanisms” for secure authentication.
Those mechanisms are designed to go beyond “something you know” (the password) and rely instead on “something you have” (a token or wearable) and “something you are” (fingerprint, voice, face, iris). The biometric data, and the private key it unlocks, stay on the user’s device; the server keeps only the matching public key. A password, by contrast, is a “shared secret”: the user knows it and the server holds a copy (usually a hash of it) that, as we all know, can be stolen in a breach.
To compromise those nonpassword authentications, an attacker would have to get physical possession of the device (or compromise the device itself) and then also defeat the fingerprint, PIN or other local check that unlocks it. Nothing stored on the server is enough on its own.
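As an added illustration, not from the article or from the FIDO Alliance, the following Go program models the challenge-response that makes the point above concrete: the device generates a key pair at registration and hands the server only the public key; each login the server sends a fresh random challenge, the device signs it once a local check has passed, and the server verifies with the public key alone. The program also shows two failure modes the paragraph implies but does not spell out: a captured signature replayed against a later challenge fails, and a signature produced for a different site (the domain is folded into the signed data, as WebAuthn does) fails too. The type names, the `login.example` and `login-example.evil` identifiers and the `unlocked` flag standing in for a fingerprint or PIN check are assumptions for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Authenticator models the user's device. The private key is generated here
// and never leaves; a real authenticator keeps it in a secure element and
// signs only after a local fingerprint or PIN check, which the unlocked flag
// stands in for (assumption for this demo).
type Authenticator struct {
	priv     *ecdsa.PrivateKey
	unlocked bool
}

// ServerRecord is everything the relying party stores: a credential ID and a
// public key. Leaking it gives an attacker nothing that can produce an assertion.
type ServerRecord struct {
	CredentialID string
	Pub          *ecdsa.PublicKey
}

// Register creates a key pair on the device and returns only the public half.
func Register() (*Authenticator, ServerRecord, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, ServerRecord{}, err
	}
	id := make([]byte, 16)
	if _, err := rand.Read(id); err != nil {
		return nil, ServerRecord{}, err
	}
	rec := ServerRecord{CredentialID: hex.EncodeToString(id), Pub: &priv.PublicKey}
	return &Authenticator{priv: priv}, rec, nil
}

// NewChallenge mints fresh random bytes for one login attempt, so a captured
// signature cannot be replayed against a later challenge.
func NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}

// signedPayload binds an assertion to the relying party and the challenge,
// loosely following WebAuthn's authenticatorData || SHA-256(clientData).
func signedPayload(rpID string, challenge []byte) []byte {
	rpHash := sha256.Sum256([]byte(rpID))
	digest := sha256.Sum256(append(rpHash[:], challenge...))
	return digest[:]
}

// Unlock simulates the local "something you are" check passing or failing.
func (a *Authenticator) Unlock(biometricMatched bool) { a.unlocked = biometricMatched }

// Assert signs the challenge for rpID, but only on an unlocked device.
func (a *Authenticator) Assert(rpID string, challenge []byte) ([]byte, error) {
	if !a.unlocked {
		return nil, errors.New("user verification required")
	}
	return ecdsa.SignASN1(rand.Reader, a.priv, signedPayload(rpID, challenge))
}

// Verify is the server-side check; it needs only the stored public key.
func Verify(rec ServerRecord, rpID string, challenge, sig []byte) bool {
	return ecdsa.VerifyASN1(rec.Pub, signedPayload(rpID, challenge), sig)
}

// Outcome records whether each login attempt verified.
type Outcome struct {
	Genuine           bool // unlocked device, fresh challenge: true
	LockedDevice      bool // device not unlocked: false (no assertion produced)
	ReplayedSignature bool // old signature, new challenge: false
	WrongRelyingParty bool // signature made for another site: false
}

// RunScenario walks through registration and four login attempts.
func RunScenario() (Outcome, error) {
	const rpID = "login.example" // assumed relying-party ID for the demo
	var o Outcome
	auth, rec, err := Register()
	if err != nil {
		return o, err
	}
	c1, err := NewChallenge()
	if err != nil {
		return o, err
	}
	_, lockedErr := auth.Assert(rpID, c1) // no biometric match yet
	o.LockedDevice = lockedErr == nil
	auth.Unlock(true) // fingerprint matched locally; nothing is sent to the server
	sig1, err := auth.Assert(rpID, c1)
	if err != nil {
		return o, err
	}
	o.Genuine = Verify(rec, rpID, c1, sig1)
	c2, err := NewChallenge()
	if err != nil {
		return o, err
	}
	o.ReplayedSignature = Verify(rec, rpID, c2, sig1)
	phishSig, err := auth.Assert("login-example.evil", c2) // assumed look-alike domain
	if err != nil {
		return o, err
	}
	o.WrongRelyingParty = Verify(rec, rpID, c2, phishSig)
	return o, nil
}

func main() {
	o, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", o)
}
```

The `ServerRecord` is the whole of what a breached server would yield: with no private key and no password hash there, an attacker who dumps the database still cannot produce a signature, which is the contrast with shared-secret passwords the article is drawing.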
Phil Dunkelberger, CEO of Nok Nok Labs and a founding member of FIDO, has repeatedly said that the username and password paradigm “was never designed for, and is inherently incapable of addressing, the use cases of modern society.”
That doesn’t mean good password practices are worthless. But following them shouldn’t give you a false sense of security.