Passwords became ubiquitous, they were everywhere, they had to be remembered, and this created a new problem for users as passwords were not user-friendly. Users began to "cheat": reusing passwords on different systems or using ridiculously simple passwords, starting with 12345 and culminating in a one-character password such as *.
Something had to be done to protect the security principles behind passwords, so password policies were introduced in the 1980s. These mandated minimum password length, complexity and age. These guidelines remained unrevised for about 40 years, until NIST recently declared that cyclical password changes do not add to security, but actually weaken it, because people tend to write down the now very complex and hard to remember secrets. And as complex and policy-mandated passwords flooded institutions and businesses of all sizes, password managers began to emerge in the 1990s, the first of which was written by none other than Bruce Schneier himself.
The computerised society was not ready for strong passwords, while internet connectivity and increasing computing power paved the way for criminals to steel, crack and brute-force passwords. A new technique was proving very effective against them: two-factor authentication. Two-factor authentication, or 2FA, is a technique where a user provides not one, but two different aspects (factors) of their authentication, where these factors must be very different in nature. Typically, passwords are used as the first factor (called knowledge), while a second factor, often something that proves ownership, can be used to provide additional proof.
Although 2FA was formally developed in the 1980s (with RSA and AT&T as forerunners), it did not take off at scale until the means of providing the second factor became more accessible.
2FA made the world a safer place, but not for very long. In most of these systems, passwords still played a crucial role in authentication, and soon we started seeing news of 2FA being bypassed here and there on an almost daily basis. Something completely new had to come, not just another layer of security to patch a now broken design, but a completely new approach to authentication.
This new approach finally had a name. It was called passwordless multi-factor authentication. It used two or more factors for authentication, none of which was a password. It used advanced cryptography under the hood, but it was very user friendly and finally promised to solve all the problems of previous authentication schemes.
Systems secured by passwordless MFA became almost unbreakable, and so passwords were doomed to disappear in the not-too-distant future.