These sort of articles should definitely mention webauthn/passkeys. It's the only solution that actually solves these (including phising) problems.

Until there are no unified, standard solutions this is too difficult to be achieved in practice.