For serious systems-based access, it's been key-based auth for most of the past decade. Even embedded systems (switches, routers, load balancers, DD-WRT-based WiFi routers) offer SSH key-based auth.
Key management presents its own set of problems, but most are vastly preferably to using poorly-selected passwords on a myriad of sites.
I'm always tempted to switch to key-based auth myself, but I travel a lot and the thought of me losing my private key and thus being permanently unable to decrypt my files/log in to my servers scares me to death.
That's the fatal flaw in the key-based system: while the chances are slim, if you lose the key or it gets stolen (stolen laptop?), the consequences far outweigh the benefits. I'd rather just remembering a complex password for personal encryption/ssh, use a simple throwaway password for general web app use, and not have to worry about losing a key.
Key reissue is really just a slightly modified case of password reset.
In my case, for work systems, I'd either fall back on a system password (yes, they exist and can be used, but rarely are, and are secured), or make an out-of-band request to a co-worker.
In a larger context, you'd want some way of demonstrating that you are who you claim to be (not a trivial problem, but essentially the same one that exists in the password scenario). A one-time time-limited token would be distributed, notifications sent to your contact address(es), and once on the system you'd generate/provide a fresh key.
Keys should, of course be protected. With passwords. As I noted elsewhere, you're not going to eliminate the use of passwords, but you can greatly reduce the threat surface and present problem of huge numbers of readily attacked, weakly secured accounts, many with reused passwords which can be found in existing password corpora.
You can simply back up your key (encrypted with a password!) on a cheap USB stick or CD you keep somewhere that you consider safe enough for your purposes.
It could be a one-time issue used only to set up a secret. I think the fatality in question is the user-selected password, which is proving useless at scale.
Passwords not shared across multiple systems, and used rarely, on physically secured and/or proximate systems. The threat exposure is vastly reduced.
The main problems with passwords today are 1) rampant reuse and 2) very effective cracking tools based on known password corpuses. Even a small corpus of a few hundred of the most common passwords will generally access some account on a given system.
For serious systems-based access, it's been key-based auth for most of the past decade. Even embedded systems (switches, routers, load balancers, DD-WRT-based WiFi routers) offer SSH key-based auth.
Key management presents its own set of problems, but most are vastly preferably to using poorly-selected passwords on a myriad of sites.