To successfully do a brute-force the attacker would also need the salt, which means that the database by itself will not yield any e-mail addresses.
Probably better to use encryption with public / private keys.
2) you avoid passwords altogether by giving a user an authentication token to be saved as a bookmark perhaps? The token contains a cryptographic signature
For 2), This sounds like a bad idea for anyone sharing their screen, they could broadcast the url or even just share a link not understanding how it works and lose control of their own account. Also this would only work for users who use bookmarks.
2) The url with token is used only for logging in and the user is forwarded to the home, just like the email confirmation links in emails