In conventional password authentication, you prove you are who you claim to be by proving that you know the correct password. The only way to prove you know the password is to tell the server what you think the password is. This means that if the server has been hacked, or spoofed (another machine takes the IP, for example), an attacker can learn your password. 

  

 Public key authentication works differently. It uses key pairs, of which one key is public and the other must remain private. Anything encrypted with one key can only be decrypted with the other (See PublicKeyEncryption for a fuller description). Others need the public key to send messages to the owner of the private key. After they encrypt their message, only the recipient can reconstruct it. In the same way, only a message encrypted using the private key of a key pair, and therefor by extension the pair's owner, can be decrypted by the public key. Thus, everyone can verify whether the message really originated from him.