I came here to say this!
But my addition would be to have a context-dependent password, i.e. it takes the NFC hash, then takes the first 3 letters of the web domain (or similar) you're accessing and spits out a new hash.
This would reduce password redundancy if your password was compromised on one site.
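An added example, not part of the comment above: one way to derive a per-site password from the NFC value, using HMAC-SHA256 as the hashing step (a choice made here, not the commenter's). `NFC_SECRET`, `site_context` and `derive_password` are hypothetical names and the secret is a constructed sample; the code also shows that a three-letter prefix gives the same password to any two domains sharing those letters, while the full domain does not.

```python
import base64
import hashlib
import hmac
from typing import Optional

# Constructed sample standing in for the value read from the NFC tag.
NFC_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")


def site_context(domain: str, prefix_len: Optional[int] = 3) -> bytes:
    """Return the per-site context: the first `prefix_len` letters of the
    domain (the scheme in the comment), or the whole domain if None."""
    d = domain.strip().lower().rstrip(".")
    if d.startswith("www."):
        d = d[4:]  # treat www.example.com and example.com as one site
    return (d if prefix_len is None else d[:prefix_len]).encode("utf-8")


def derive_password(secret: bytes, domain: str,
                    prefix_len: Optional[int] = 3, length: int = 20) -> str:
    """HMAC the site context under the NFC secret and encode the result.
    Knowing one site's output does not reveal the secret or other outputs."""
    mac = hmac.new(secret, site_context(domain, prefix_len), hashlib.sha256)
    return base64.urlsafe_b64encode(mac.digest()).decode("ascii")[:length]


def shares_password(a: str, b: str, prefix_len: Optional[int] = 3) -> bool:
    """True when two domains end up with the same derived password."""
    return (derive_password(NFC_SECRET, a, prefix_len)
            == derive_password(NFC_SECRET, b, prefix_len))


if __name__ == "__main__":
    # Reserved example domains; both start with "exa".
    for plen in (3, None):
        label = "first 3 letters" if plen is not None else "full domain"
        same = shares_password("example.com", "example.org", plen)
        print(f"{label}: example.com / example.org share a password: {same}")
```
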