Here are pointers to papers I touched upon (very briefly of course) in my RWC'2017 talk:
Is Password InSecurity Inevitable? Cryptographic Enhancements to Password Protocols
(slides)