Came up with this way of getting rid of the password entirely.
- Let your web app X allow people to log in by inputting their email address
- Send them an authentication link in their email address.
- Let people use this session link to log in.
- When they click on logout then destroy this session and start again from step 1
No where was a single password inputted.
Now, just need to write some libraries to implement this method of authentication. 🙂