
As a Swede living in the US, the difference is that in Sweden the SSN is your username; in the US it's become the password.


In Sweden, the password is BankId, a two-factor authentication app that everybody has on their phones. It’s used by all government agencies, banks, insurance companies, etc. to establish identity. You literally use your SSN as username to log in, plus a PIN, to generate a one-time passcode (which happens behind the scenes so you don’t have to type it in).


What if you don’t have a phone?


Not a Swede, but we have a similar system in Norway. If you don't have a phone you can get this little device with a 7-segment display and a button that generates one-time authentication codes.


I know when you make an account with Nordea, they give you a page with several hundred codes printed on it. Each time you authenticate, you have to use the next code in the list. If you use any other code on the page, it's considered invalid. They instruct you not to mark the page so if someone takes your code page they do not know which one is the current code.


But then, how does the account holder know which is the current one?


In theory, by remembering the last one you used.

In practice, by just marking the damn pages.


How does an account holder know what their password is?

(They remember it, or they write it down and store it with their other valuable pieces of paper.)


Everybody (90% of over-12s) has a smartphone but you can also use a computer. 98% have internet at home.

Edit: latest statistics show >95% have BankId on a smartphone. See https://www.bankid.com/assets/bankid/stats/2019/statistik-20...


That is a good explanation... So then what is the password?


Some sort of 2FA code, either from an app on your phone, or a unique code page provided by your bank.



