The alternative is various forms of biometrics. You still want some form of something you know, or something you have, along with the biometrics themselves. That's really the “something you are” in the scheme they refer to as “multifactor authentication”.
I think if you look at the thumbprint readers today and at some of the facial recognition technologies in the marketplace, they're becoming far more robust. In most cases they're a more powerful authenticator than a customer's username and password.