Of course, the real solution is to get rid of passwords. Web sites should switch to using OpenID authentication.
One problem is that a lot of identity providers,* such as Google, have switched from classic OpenID to OpenID Connect. Because of the OAuth 2 underlying OpenID Connect, it has become more common for IDPs to require each relying party* to enter into a contractual relationship with the identity provider. With classic OpenID, if you had an identifier URL from a given IDP, you could use it on any RP. But in OpenID Connect, you can't use your identifier unless the RP has a client ID and client secret pair issued by the same IDP that issued your identifier. There is a Dynamic Client Registration protocol for an RP to automatically obtain a client ID and client secret from an IDP, but no major IDPs appears to support DCR. If there are n RPs and m IDPs, a human has to review and accept a contract m*n times, and managing this becomes O(n^2):
* In OpenID, an "identity provider" is the website that issues OpenID identifier URLs and takes your password, such as Google, and a "relying party" is the website that takes your OpenID identifier and redirects you to the identity provider to log in.