
For one thing, a password is a string of characters that you and I carry around in our heads. At least they were, until complexity requirements, forced expiration, and proliferation of accounts caused us to rely more on password managers than our memories.

However, the platonic ideal of a password is one that you remember: "Something You Know". Therefore, it is usable at the library, it is usable in the hospital after your ambulance transport, it is usable when you're stranded in Portugal and borrowing someone's phone at the U.S. Embassy in Lisbon. Passwords are not something that can just drop out of your pocket, or be "stolen" from you, in the sense of depriving you of that knowledge.

"Passwordless auth" comes to rely on devices. MFA did this to us first, of course, where SMS codes come through our phone, which is now mandatory, or come off our Yubikeys or Google Authenticator, which in turn depend on a computing device. "Passwordless auth" is always tied to a device of some kind.

Therefore, passwordless auth is something that can easily fail or be taken away from us. How easy is it to lose your phone? What are the chances you'll need to sign in to, say, Apple, to retrieve a contact's phone number, and all you have is your brain connected to your fingers? Your passwordless auth is now useless.

So yeah, it's great from a technerd perspective, where we have lots of devices, always a backup, plenty of cash to replace them, disaster plans in place, etc. Passwordless auth (and MFA along with it) isn't so attractive when you're addicted to heroin, mentally ill, homeless and living on the streets, and you're trying to sign in at a library computer so that you can apply for SNAP benefits, Medicaid, and Section 8 housing assistance.



