Steve Gibson founder of GRC talks about SQRL his password alternative. Free. Requires users to be responsible for their own security and backup their own keys. I trust this because Steve is a smart guy. BTW listen to Steve’s podcast called SecurityNow on Google Podcasts. This seems like a natural fit for 2 factor authentication.
SQRL client for windows here https://www.grc.com/sqrl/sqrl.htm
SQRL client for Android available in the Google playstore
SQRL wordpress plugin here https://wordpress.org/plugins/sqrl-login/
why do we need to replace or augment passwords?