You probably have already seen some form of these - Windows 8 comes with picture passwords (see here).
Android has been providing various lock screens since a long time (see here, for example).
Hardware based solutions abound in the enterprise world ( see RSA SecurID, for example).
Companies have been working on graphical and picture passwords based logins for some time (see alternatives to passwords).
Bio-metrics - the use of facial recognition, voice recognition, finger-print matching(, or even retina scanning) - is coming out of science fiction (see How Biometrics Works). You probably already used laptops that come with a finger-print scanner. A lot of banks are deploying voice-based identity verification for sensitive transactions (see this article).
There are many other innovative techniques employed as well - one-time-passwords sent to phone, phones generating one-time-passwords, combining different authentication techniques (called multi-factor authentication), and so on.
What does this all mean? It means that, truly secure logins is possible. There are many different ways to identify yourself to a web site other than static and weak passwords.