My question above pretty much answers itself, in that there is no clear successor to text-based passwords. Biometrics using fingerprints, voice, or iris have major security challenges and social acceptability issues, let alone cost and reliability. Special hardware tokens are good if you only have one or two of them, but not so much if you need 15 or 20 of them. Graphical passwords, such as PassPoints or Draw-A-Secret, are promising, but tend to be easy to shoulder-surf, and have the same memorability challenges as text-based passwords once you have 15 or 20 of them.
So until a better alternative comes along (and one that is well-vetted, cheap to deploy, reliable, resistant to phishing attacks, and usable), we’re going to be stuck with passwords for quite a long time. However, in the meantime, here are the three easiest and most useful things you can do to protect yourself:
Don’t re-use passwords for important accounts. Have a separate and unique password for each of work, personal email, social networking sites, and your banking web sites. There have been so many break-ins recently that if you do re-use passwords for important accounts, you are exposing yourself to great risk for no good reason.
Use longer passwords. A lot of the advice out there rightfully advocates using special characters like &+=%$# as well as upper and lower case letters. This is good advice, but even better is to just use a longer password, at least twelve characters. The longer the password, the harder it is for an attacker to guess what it is.
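To put numbers on the "longer beats more symbols" claim, here is an added example (not from the original post) that estimates the brute-force search space of a password from its length and the character classes it uses, and compares an 8-character mixed password with a 12-character lowercase one. The offline guess rate is a constructed assumption, not a measurement, and the estimate ignores dictionary and pattern attacks, so it is only a relative comparison.

```python
import math
import string

# Character classes a brute-force attacker must cover once the
# password is known (or assumed) to draw from them.
CLASSES = [
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation + " ",  # the &+=%$# family plus space
]


def alphabet_size(password: str) -> int:
    """Size of the smallest union of classes containing every character."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    # Characters outside the four classes (e.g. non-ASCII) count as one
    # symbol each so the estimate stays a lower bound.
    extra = {c for c in password if not any(c in cls for cls in CLASSES)}
    return size + len(extra)


def strength_bits(password: str) -> float:
    """Optimistic search space in bits: log2(alphabet ** length).
    Real guessing uses wordlists and rules, so this only ranks policies."""
    n = alphabet_size(password)
    return len(password) * math.log2(n) if n else 0.0


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try the whole space at an assumed offline rate."""
    return 2.0 ** bits / guesses_per_second / (365.25 * 24 * 3600)


def compare(short_complex: str, long_simple: str, rate: float = 1e10) -> dict:
    """Worked comparison: does the longer, simpler password have the
    larger search space? (rate = constructed guesses-per-second figure)"""
    a, b = strength_bits(short_complex), strength_bits(long_simple)
    return {
        "short_complex_bits": round(a, 1),
        "long_simple_bits": round(b, 1),
        "longer_wins": b > a,
        "short_complex_years": years_to_exhaust(a, rate),
        "long_simple_years": years_to_exhaust(b, rate),
    }


if __name__ == "__main__":
    # Constructed sample passwords: 8 chars from all four classes vs
    # 12 lowercase letters.
    print(compare("Pa$$w0rd", "correcthorse"))
```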