making passwords obsolete
It seems like most of these solutions are designed to make it easier to use, not more secure. How does logging in with your social media account make things more secure? Yes, it means you have one less password to remember, but it also means that if your social media account is hacked, the hacker not only can send Facebook messages on your behalf, but can also empty your bank account. That doesn't seem like a good plan to me.
How does Yahoo's plan to eliminate passwords in favor of text message tokens make you more secure? That means (a) if your phone is lost or compromised, so is your Yahoo account and (b) since text messages are sent in the clear, an eavesdropper can just listen in and snatch it.
Security or convenience - pick either one.
Client side certificates are an interesting solution that has been around for a long time, but there are challenges regarding revoking them (3 out of 4 Fortune 2000 companies still have not revoked or replaced their SSL certificates compromised during Heartbleed.). There are also challenges of moving the certificates from computer to computer as you move around (home to work to Grandma's house).
We need to continue to discuss the situation and try different things, but I don't think we have found a silver bullet yet.
My two cents.