I thought it is common sense that USB is the last thing you want to touch in regards to security. And people actually trying to consolidate their password into a single attack surface on a USB device that can easily be cloned or modified or misplaced. On top of that, the famous power plant virus is USB based regardless how the system is build with high security protection. And not to mention it is also sounds a lot more reasonable to ask for new USB when it is physically misplaced, as a know some people tends to lost their keys a lot more than they forgot their password. I really don't know what is going on with these people.
You didn't understand the article. It's not "USB over password", it's USB key + password. This is two factor authentication, and it's more secure than simple passwords. Hijacking/cloning the USB key isn't going to get the hackers anywhere, so that's simply not a concern.