Passwords are often reused and breached, exposing users to risk. Hashing passwords provides some protection, but attackers can still crack them using GPUs, ASICs, and password lists from previous breaches. Public-key cryptography avoids sending passwords over networks, but early approaches were still vulnerable. New password-authenticated key exchange (PAKE) protocols use blinding techniques and oblivious transfers to derive keys from the password while preventing offline cracking. Implementation requires integration with operating systems and browsers, but proofs of concept demonstrate the potential to significantly improve password security.
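The blinding step mentioned above, as an added example that is not code from the original page: the client hides its hashed password under a random exponent, the server applies a secret key to the blinded value, and the client removes the blind to obtain a hardened key. Modelling this as an oblivious pseudorandom function over the RFC 2409 Oakley Group 1 prime is an assumption (the page names no construction), and all function names are hypothetical.

```python
# Added illustration: construction, names and parameters are assumptions.
import hashlib
import secrets

# RFC 2409 Oakley Group 1 safe prime (768-bit): illustration size only.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2  # prime order of the subgroup of squares mod P


def hash_to_group(password: bytes) -> int:
    """Map the password into the order-Q subgroup by squaring a wide hash."""
    wide = int.from_bytes(hashlib.shake_256(b"h2g" + password).digest(128), "big")
    return pow(wide % P, 2, P)


def client_blind(password: bytes):
    """Client: hide H(pw) under a fresh random exponent r (kept local)."""
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(hash_to_group(password), r, P)


def server_evaluate(k: int, blinded: int) -> int:
    """Server: apply its per-user secret k; it never sees pw or H(pw)."""
    if not 1 < blinded < P - 1 or pow(blinded, Q, P) != 1:
        raise ValueError("blinded element is outside the prime-order subgroup")
    return pow(blinded, k, P)


def client_finalize(password: bytes, r: int, evaluated: int) -> bytes:
    """Client: strip r to recover H(pw)^k, then derive the hardened key."""
    unblinded = pow(evaluated, pow(r, -1, Q), P)
    n = (P.bit_length() + 7) // 8
    return hashlib.sha256(password + unblinded.to_bytes(n, "big")).digest()


def derive_key(password: bytes, k: int) -> bytes:
    """One full round trip; only `blinded` and `evaluated` cross the wire."""
    r, blinded = client_blind(password)
    return client_finalize(password, r, server_evaluate(k, blinded))
```

The two wire values are a random group element and that element raised to `k`, so neither depends on the password, and checking a guess requires an evaluation under the server's key.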