With new techniques being used to shore up weaknesses of passwords, online criminals will be forced to focus more on the quality of their targets instead of quantity.
For example, some techniques protects against logins from unauthorized locations which forces the hacker to either find ways around fool the system or relocate near their victims. Since such systems are designed to make workarounds expensive if not impossible, net result is the same: online criminials will have to expend more time and resources per target.
Hardware tokens? Criminals know where they can get it from, don't they? Yup. You. It's the same for biometrics. You are the key and very few of us have bodyguards.
What all this means is that I think we'll see more personalized and/or physical attacks in the future. And we'll see more attention paid to physical security like alarms, stronger door locks and mailboxes.