Obvious surveillance state propaganda. The article is using straw man argument to push biometrics which are designed to take control over the possession of authentication away from the user and into the hands of anyone who has physical control of that user. If passwords were replaced by biometrics it would have had no effect on the Equifax or the Yahoo breaches because each users data is not protected and or encrypted by an individual users password. Everyone needs to be quite clear in that, for example in the Yahoo instance, the users password is only used to authenticate with the server, it is not used to encrypt the data. This is why hackers steal millions of accounts at a time, once they have backdoored the server the accounts are there for the taking. In both those instances the accounts could be easily secured. Yahoo for example. User enters username and password. Browser creates sha-2 hash of them. Hash is used as user account name and as encryption key. Therefore even on the Yahoo server, accounts would be encrypted and no one, can know whose account any of that data belongs to and therefore have no way to access it without every users username and password. The problems across the internet at every level and in every instance is a direct result of the evil intentions of the tech corporations whose primary objective is to coerce the masses into believing they can be trusted with tbeir data and communications so they can spy on it. That is why it will always be open to hackers, if the corporation can have access to everyone's account so can hackers. They are all despicable liars, and this article is just more of their propaganda.
I still think 2FA is the best solution. But it shouldn't only work with smartphones, you should be able to use all type of devices, like the desktop/laptop itself. This is handy for people who only use a couple of devices for stuff like online banking and email.
This sounds quite handy: https://gsuiteupdates.googleblog.com/2017/10/making-google-prompt-primary-choice-for-2sv.html