Either make me create a password and then let me into my account or let me use my phone number/email to verify. It’s becoming too much to get into every day stuff. If I have biometrics on there is zero reason for anything else.
Basically the current security system is overdoing it. I suggest getting rid of passwords all together OR only requiring one or the other. Like it I forget my password or I forget my phone I can use the other but JFC its a hassle.
Bad password security is a human problem (can be back end bad practices also, but mostly human) whereas only using one auth factor is a security design problem. Again, MFA bad, single auth not good (but sometimes sufficient)
Also many people aren’t comfortable with auth apps yet and way less are comfortable with hardware tokens.
Passwords, while often implemented poorly by humans, aren’t something you can easily LOSE like your phone or a set of keys.
Many logins don’t really need very good security, like who cares if my lemmy login gets compromised I don’t want MFA here. Some might, I don’t. I still use a password manager but still, just a password is fine.
I dropped a credit union because they don’t allow MFA for online banking at ALL however, which is outrageous in 2025.