Safely storing passwords: https://blogs.dropbox.com/tech/2016/09/how-dropbox-securely-stores-your-passwords/
Interesting proposal for fixing your outdated session auth architecture. Haven't made up my mind though when you should use this over fixing your session handling. https://developers.google.com/web/updates/2016/06/2-cookie-handoff
Selfie auth? Could be an option, maybe not for day to day use but definitely as a fallback: http://www.independent.co.uk/news/business/news/amazon-files-patent-to-offer-payment-with-a-selfie-a6931861.html
OpenID failed but it's definitely not a failure.
http://www.webmonkey.com/2011/01/openid-the-webs-most-successful-failure/
...at least make them useful: Combine a goal with your password. You'll get reminded a couple times every day. Of course don't replace your "secure" pass algorithm with it but it can't hurt appending it.
So long and "{{REGULAR_PASS}}EndAllPasswords"
https://medium.com/the-lighthouse/how-a-password-changed-my-life-7af5d5f28038#.1zwucmifj
...that's how they are supposed to be stored and why. http://dustwell.com/how-to-handle-passwords-bcrypt.html
Passwordless logins make total sense. I hope everyone will go that way.
https://medium.freecodecamp.com/360-million-reasons-to-destroy-all-passwords-9a100b2b5001#.36tcte81v
One thing to think about no matter if though is that your email account is the one key account that allows you to make use of passwordless login or password reset in case of forgotten passwords. As stated in the article: "your email account is the skeleton key to your life". If you loose access and can't recover you are screwed. So: keep it secret, keep it safe!
There are two types of companies: those who have been hacked, and those who donβt yet know they have been hacked.βββJohn Chambers