I'm a bit slow, and so only today realized that Medium allows for email-only login. Note that they used to allow only a Twitter or Facebook login. This is actually quite an innovation. Yes, it does require that people have an email address, and have access to it, but even those who don't (folks who are mostly on Facebook and the like) had to create an email address. Also, those with Android mostly have to have an email address as well.
While relying on the security of email is not the greatest idea, it does seem to be better than relying on passwords. I applaud this change.
Yahoo Mail is also doing away with passwords, requiring mobile devices to respond to push notifications to secure access to email. Of course this merely displaces the problem back to the level of the device, but still, better than passwords (potentially, actual security analysis and research should be the one to answer this).
Note that Google as well is apparently testing such a system for security (no passwords).