A fingerprint scan must NEVER be considered as a replacement for a password. It can be used as an additional factor but must never be used on its own since it cannot ever be changed.
The best but simplest arrangement is to create a pattern that you can remember. One that allows changing over time but still remains memorable to you.
In truth, it isn't that hard to memorise a pattern of letters, numbers and symbols, and there are many patterns you can use. It is the pattern itself that makes it memorable. This is true of words as well, but we are conditioned to recognise meaningful words, of course.
So a pattern such as:
mhall~ouat<14?05
"Mary Had a Little Lamb~Once Upon A Time<2014?May" - get it?
You can simply play with some of the symbols or the numbers. You might not want to use something quite as obvious as the base, though, if you are really paranoid, because a really good rainbow table might be able to pick that up.
That example is 15 characters with alpha, numeric and symbol characters. It could be slightly improved with a capital or two, though in reality it is the possibility of upper/lower/numeric/symbol that is more important than their actual use in every password.
Such a password will be very strong indeed, even against current threats. The biggest remaining threat is shoulder surfing or one of the more esoteric threats such as sound analysis (of your typing).
You can go further if you want through the use of additional factors such as a YubiKey or smart card but really you should use these as ADDITIONAL factors not a straight replacement. If you want to maintain maximum security that is.
Personally, I also use tools to remember most passwords, and I favour a truly random, generated Windows password. Nonetheless, it is only a single password and therefore not that hard to remember after a few practice types.
You should also note, however, that if you only rely on a Windows login password, you will still be exposing ALL data if someone gets hold of your PC. For true security, you need a UEFI BIOS, TPM chip, secured BIOS settings and full disk encryption. Only with these will you be able to have a reasonable expectation that attackers cannot get hold of your information if they get hold of the PC.
Next, you should also add additional protection to Windows: Microsoft EMET at least, preferably an application whitelisting tool (such as the one built into AVAST AV). Application whitelisting only allows specific applications to run and is almost certainly the best current defence against zero-day attacks. With EMET to harden Windows and a good AV/anti-malware tool such as AVAST, along with the other measures outlined, removing all software not needed and keeping up to date with patches on the remaining, you will be as safe as it is possible to be right now.
UPDATE: I realised that I haven't fully answered the question given which is about what options are available for logging in to Domains.
There are a great many tools for this, and Windows supports a replaceable login capability which used to be called GINA (not sure if it still is). Login with smart cards is natively supported, and there are many third-party tools to supplement (or replace) standard ID/password logins on the domain, such as one-time-password generators (such as RSA tokens) and the like. You can also tweak the password requirements for Windows Domains to enforce stronger passwords. I recommend giving out easy guidance in that case; I seem to remember seeing a number of infographics that explain the type of password choice I mention above.
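As an added example, not part of the original answer, the following PowerShell shows one way to "tweak the password requirements for Windows Domains" as the answer suggests: a Fine-Grained Password Policy (FGPP) that enforces a 15-character minimum with complexity on, bound to a group, plus a local pre-check that mirrors the Windows complexity rule (at least three of the four character classes, and the password must not contain the account name). It assumes the ActiveDirectory module (RSAT) is installed, you hold Domain Admin rights, and the domain functional level is Windows Server 2008 or later; the policy name `Staff-Long-Passwords`, the group `Staff` and the user `jsmith` are placeholders.

```powershell
# Added example (not from the original answer). Assumptions: ActiveDirectory
# module available, Domain Admin rights, a global security group named "Staff"
# and a user "jsmith" exist. Names are placeholders.

Import-Module ActiveDirectory

# Local mirror of the Windows "complexity" rule so a candidate pattern password
# can be checked before the policy is rolled out: minimum length, at least 3 of
# the 4 classes (upper, lower, digit, non-alphanumeric), and no account name inside it.
function Test-PasswordMeetsPolicy {
    param(
        [Parameter(Mandatory)][string]$Password,
        [string]$SamAccountName = '',
        [int]$MinLength = 15
    )
    if ($Password.Length -lt $MinLength) { return $false }
    if ($SamAccountName.Length -ge 3 -and
        $Password.ToLower().Contains($SamAccountName.ToLower())) { return $false }

    $classes = 0
    if ($Password -cmatch '[A-Z]')         { $classes++ }   # -cmatch: case-sensitive
    if ($Password -cmatch '[a-z]')         { $classes++ }
    if ($Password -match  '[0-9]')         { $classes++ }
    if ($Password -match  '[^A-Za-z0-9]')  { $classes++ }
    return ($classes -ge 3)
}

# The pattern password from the answer above: lower + digit + symbol = 3 classes,
# so it passes the 15-character, complexity-on policy defined below.
Test-PasswordMeetsPolicy -Password 'mhall~ouat<14?05' -SamAccountName 'jsmith'   # True
Test-PasswordMeetsPolicy -Password 'jsmith~ouat<1405' -SamAccountName 'jsmith'   # False: contains account name

# Show the domain-wide default for comparison.
Get-ADDefaultDomainPasswordPolicy |
    Select-Object MinPasswordLength, ComplexityEnabled, PasswordHistoryCount, LockoutThreshold

# Create the FGPP. Lowest Precedence value wins when a user is covered by several.
New-ADFineGrainedPasswordPolicy -Name 'Staff-Long-Passwords' `
    -Precedence 10 `
    -ComplexityEnabled $true `
    -MinPasswordLength 15 `
    -PasswordHistoryCount 24 `
    -MinPasswordAge '1.00:00:00' `
    -MaxPasswordAge '365.00:00:00' `
    -LockoutThreshold 10 `
    -LockoutObservationWindow '0.00:15:00' `
    -LockoutDuration '0.00:15:00' `
    -ReversibleEncryptionEnabled $false `
    -Description 'Minimum 15 characters, complexity on'

# FGPPs bind to users or global security groups, not to OUs.
Add-ADFineGrainedPasswordPolicySubject -Identity 'Staff-Long-Passwords' -Subjects 'Staff'

# Verify which policy actually applies to a given user.
Get-ADUserResultantPasswordPolicy -Identity 'jsmith'
```

The local check is only an approximation of what the domain controller enforces (Windows also looks at parts of the display name, and a password filter DLL can add further rules), so treat `Get-ADUserResultantPasswordPolicy` as the authoritative answer to "which policy does this user get".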
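The answer also argues that a login password alone does nothing against someone who walks off with the PC, and lists UEFI, a TPM, locked-down firmware settings, full disk encryption and application whitelisting as the remedy. As an added example, not part of the original answer, this PowerShell function reports whether those protections are actually in place on the machine it runs on. It assumes an elevated session on Windows 8 / Server 2012 or later, where the SecureBoot, TrustedPlatformModule, BitLocker and AppLocker modules ship with the OS; the function name `Get-TheftProtectionReport` is my own.

```powershell
# Added example (not from the original answer). Run elevated on Windows 8 /
# Server 2012 or later. Function name is a placeholder of my own.

function Get-TheftProtectionReport {
    param([string]$OsDrive = $env:SystemDrive)

    # Confirm-SecureBootUEFI throws on legacy-BIOS machines (no UEFI variables),
    # so a failure here means "not UEFI / Secure Boot unavailable", not just "off".
    $secureBoot = $false
    try { $secureBoot = Confirm-SecureBootUEFI } catch { $secureBoot = $false }

    # TPM presence and readiness (ownership taken, not disabled in firmware).
    $tpm = Get-Tpm

    # BitLocker state of the OS volume and whether a TPM-based protector unseals it.
    $vol = Get-BitLockerVolume -MountPoint $OsDrive
    $tpmProtector = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -like 'Tpm*' }

    # Effective AppLocker policy (local + GPO merged); count rules across all collections.
    $xml = [xml](Get-AppLockerPolicy -Effective -Xml)
    $ruleCount = $xml.SelectNodes('//RuleCollection/*').Count

    [pscustomobject]@{
        SecureBootOn       = [bool]$secureBoot
        TpmPresentAndReady = [bool]($tpm.TpmPresent -and $tpm.TpmReady)
        BitLockerOn        = ($vol.ProtectionStatus -eq 'On' -and $vol.VolumeStatus -eq 'FullyEncrypted')
        BitLockerUsesTpm   = [bool]$tpmProtector
        AppLockerRuleCount = [int]$ruleCount
    }
}

$report = Get-TheftProtectionReport
$report

# Typical remediation when BitLockerOn is False and a TPM is ready (commented out
# because it starts encrypting the drive): protect the volume key with the TPM and
# add a recovery password you escrow somewhere other than the laptop itself.
# Enable-BitLocker -MountPoint $env:SystemDrive -TpmProtector -EncryptionMethod Aes256
# Add-BitLockerKeyProtector -MountPoint $env:SystemDrive -RecoveryPasswordProtector
```

Two caveats a practitioner would want: `BitLockerUsesTpm` being true with `SecureBootOn` false means the firmware boot path is not measured the way BitLocker expects, so a firmware-level downgrade or boot-order change may not trip the TPM, which is why the answer pairs a TPM with "secured BIOS settings"; and an `AppLockerRuleCount` above zero only says a policy exists, not that the Application Identity service is running to enforce it (`Get-Service AppIDSvc`).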
4
Take a look at this xkcd comic. It might be helpful.
– VL-80 – 2014-05-05T02:18:42.380