Edward Lucas wrote a nice piece on how businesses can dramatically improve their cyber-security.
He says that:
“Well-run organisations will stop using passwords and logins in 2016.
Instead they will use identifiers that are harder to copy, fake, steal or guess […]
Security questions will stop being […] “mother’s maiden name”. Instead they will ask you to give numbers from codes continuously generated by an app on your phone.”
In contrast, some people propose extending the use of passwords, which are today the weakest link.
It is known that password security almost always fails; see, for example, the brainflayer tool for recovering passwords from bitcoin brain wallets.