The best way to protect your online passwords: trust each company that possesses your information as little as possible.
if one of your passwords—and you should have many—hasn’t already been stolen, one will be. It doesn’t matter how long it is, or how closely it resembles an indecipherable alien language; someone who is not you will eventually obtain it, and there is nothing you can do about it. Some company that you exchange information with is going to reveal your password to someone else.
It’s time for fingerprint identification, not triple verification.