I think an even better solution would be to remove the password completely, allowing users to log in with only an email address. Each time a user needs to log in, they enter their email address and receive a login link via email.
I’ve been thinking for the past few months that authentication is probably the most widespread usability issue on the web right now, if not generally in personal computing, with no obvious and universally acceptable solutions or improvements in sight. In addition, I shudder at the thought of how much development time is spent on re-implementing and re-designing the same basic authentication patterns with little progress or benefits over existing solutions. Maybe Ben Brown is onto something with his proposal. He also posted a follow-up, addressing some questions and issues that came up after the original article’s publication.
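
The email login-link flow from the proposal, sketched as an added example; it is not code from this post or from Ben Brown's articles. The 15-minute lifetime, the single-use rule, the in-memory store and the `example.com` URL are assumptions, and actually sending the email is left out.

```python
import hashlib
import secrets
import time
from urllib.parse import urlencode, urlparse, parse_qs

TOKEN_TTL_SECONDS = 15 * 60              # assumed lifetime; the post gives none
BASE_URL = "https://example.com/login"   # placeholder site

# token digest -> (email, expiry). Only the SHA-256 digest is stored, so a
# leaked table cannot be replayed as working login links.
_pending = {}

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def issue_login_link(email, now=None):
    """Create a one-time link to be mailed to `email`."""
    now = time.time() if now is None else now
    email = email.strip().lower()
    # Invalidate any earlier unused link for the same address.
    for key in [k for k, (e, _) in _pending.items() if e == email]:
        del _pending[key]
    token = secrets.token_urlsafe(32)    # 256 bits from the OS CSPRNG
    _pending[_digest(token)] = (email, now + TOKEN_TTL_SECONDS)
    return BASE_URL + "?" + urlencode({"token": token})

def redeem_login_link(url, now=None):
    """Return the email the link logs in, or None if invalid, used or expired."""
    now = time.time() if now is None else now
    values = parse_qs(urlparse(url).query).get("token", [])
    if len(values) != 1:
        return None
    # pop() consumes the token on first presentation, expired or not.
    entry = _pending.pop(_digest(values[0]), None)
    if entry is None:
        return None
    email, expiry = entry
    return email if now <= expiry else None
```

With this design the mailbox becomes the only credential, so the link's short lifetime and one-time use are what limit the damage from a forwarded or logged URL.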