The problem with passwords is that servers store them... preferably as salted hashes.

Cryptographic keys are a much safer method of authentication, since the password never transits the network. Unfortunately, few web services use public key auth, and not many web servers support such authentication natively... which is a shame. In a well thought out public key auth implementation, the only thing a "hacker" will get is a bucket of public keys.

However, since passwords are a reality of today's Internet, it's a good idea to utilize a password manager.