Well, it's about time that companies use a downloadable client (program, app) something like Bitcoin or PGP where the user does all the password stuff on his/her computer at home. The passwords would never be stored by the company. The company (or bank) would never have to supply back-up passwords. The whole thing would be inside the encryption on the User's computer.

There could be secondary companies, like online Bitcoin wallet companies, that handled certain aspects of the encrypting and decrypting. But they would never hold enough info that they could view or use the password. In the Bitcoin world, the Blockchain company at https://blockchain.info/ is a company that does this regarding the wallets they host online. If they carried their idea a step further, they would never even maintain the login Username and Password in their files. It would all be on the user's computer.