You see articles like this quite regularly and they always don't quite solve the problem. Most solutions rely on computers keeping a secret, usually a hash on the server, or a private key in the browser.
Due to the possibility of poor client side security the private key approach is a none-starter as malware could get hold of it. You could password protect the key, but in that case you would need to prompt the user regularly to avoid the key being held in memory. In that case you might as well just hash the password, and generate session cookies.
Due to the possibility of poor server side security the hashed password option is also problematic. We have to trust that the website will use the right algorithm.
Any solution must avoid the need for computers to keep secrets. That is difficult.
A valid point but we all know there is and can never be any true security as long as the programmers of systems are human. This approach is definitely useful but not always. I wouldn't want my email account protected by it but we all have some accounts where convenience is more valuable than security and others where security is preferable to convenience. Since we'll never have a perfect system the trick is to know when to use each technique.
Due to the possibility of poor client side security the private key approach is a none-starter as malware could get hold of it. You could password protect the key, but in that case you would need to prompt the user regularly to avoid the key being held in memory. In that case you might as well just hash the password, and generate session cookies.
Due to the possibility of poor server side security the hashed password option is also problematic. We have to trust that the website will use the right algorithm.
Any solution must avoid the need for computers to keep secrets. That is difficult.