
I've been intrigued by trying to circumvent passwords completely. On the vast majority of websites your password already is only as secure as your associated email account. If you control the email, you can reset the password. So maybe we can build on that? Instead of entering a password, I enter a code that gets emailed to me, either manually or via link. For important things we can always supplement with another token from a TFA app or, better, a TFA device. I'd argue that this would be more secure for the average user and more convenient for at least some users and use cases. I personally would find this mildly annoying on my laptop, where I'm already logged in to a password manager, but convenient on my phone, where logging in to a password manager is a major pain. Cheapshark.com does something similar and as a user I find it a great experience. It's more of an obvious fit for something like this, where your account isn't very valuable and you use it infrequently, but it's really no less secure.
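A minimal sketch of the emailed-code login described in the comment above, added as an illustration and not code from the commenter or from any site they mention. The class name, the 8-digit code format, the 10-minute lifetime and the 5-guess limit are all assumptions; sending the email and the optional second factor are left to the caller.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 600    # assumed: a code expires 10 minutes after it is issued
MAX_ATTEMPTS = 5  # assumed: guesses allowed against one issued code


class EmailLoginCodes:
    """One-time login codes emailed in place of a password (in-memory sketch)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # email -> [code_hash, expires_at, attempts_left]

    @staticmethod
    def _digest(email, code):
        # Keep only a hash bound to the address, so the table holds no usable codes.
        return hashlib.sha256(f"{email}:{code}".encode()).digest()

    def issue(self, email):
        """Create a code for `email`; the caller mails it, typed by hand or in a link."""
        code = f"{secrets.randbelow(10**8):08d}"  # short enough to type, drawn from the CSPRNG
        # Issuing again replaces any earlier code for this address.
        self._pending[email] = [self._digest(email, code),
                                self._clock() + CODE_TTL, MAX_ATTEMPTS]
        return code

    def verify(self, email, code):
        """Return True exactly once for the correct, unexpired code."""
        entry = self._pending.get(email)
        if entry is None:
            return False
        code_hash, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[email]  # expired or guessed too often: force a new code
            return False
        entry[2] -= 1  # every check, right or wrong, spends one attempt
        if hmac.compare_digest(code_hash, self._digest(email, code)):
            del self._pending[email]  # single use
            return True
        return False
```

The guess limit is what makes a code short enough to type by hand acceptable; a link can carry a much longer random token instead.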

