Peer authentication for local postgres servers / poolers (authenticate using the OS users, doesn't work remotely, and yes, it's safe), kerberos / [gs]sspi authentication, client certificates.
Still, if you know that you're connecting to a server that's setup with password-based auth, then what would be the point of waiting? You'll inevitably have to provide a password as some point anyway, so the keylogger argument seems silly.
And if someone has the ability to install a keylogger on a machine that uses peer or certificate auth, then that someone almost certainly already has the ability to just connect directly using that same peer or certificate auth.
