I personally think we need to move beyond passwords. Except that for any possible solution I can think of (my personal favorite concept is two-way unique key exchange per-site per-user which can be performed offline if necessary), there's always a snag: the better fool, so to speak.