Hacker News

We need to ditch passwords, not continue to proliferate them with sandboxed databases.


Yeah? What kind of a secret can replace a password/passphrase? Not biometrics, those are username replacements, not password replacements.


Keys. That are approximately equivalent to long passwords, but have a standard length, and do not need sending through the network. They are also something you have, that can be protected by a password for 2FA.

But that just won't happen. So many sites cannot even accept big passwords, they won't all migrate to any sane schema.


They are password replacements in most contexts. The point of a password is usually just to verify your identity. Biometrics can do that just fine.


Biometrics are good replacements for usernames, but not for passwords. Biometrics can't be changed in the event of a breach, and can be taken from you surreptitiously or by force.


Yes, and those features are not necessary in most scenarios where passwords are currently used.


Biometrics can be fooled, and even if they couldn't they can only verify your identity. They can't verify your volition.


They can be fooled now, but that is an implementation flaw, not a problem with the concept. I wouldn't cite the weakness of unsalted MD5 hashes as a problem with the concept of passwords.

I agree with your assessment of what biometrics can and cannot do. That is why I specifically said that in most situations, passwords are only used to verify someone's identity, and thus can be replaced with biometrics.


Smartcards would be good for this.


Chip implants


How would that differ as a means of verification? It's not a known secret, just a different way of identification.


Not if the implant is writable. The xNT 13.56 MHz NTAG216 RFID implant has 888 bytes of writable memory that could be used in this way.



