[orian]

It's about the level you want to trust 3rd party. Many people already trust Google / Facebook / Apple for auth and others just use 'LastPast', 'FirstPass' and 'SecondPass'. And for a clarity, most consumer grade biometrics is at funny low level.

I don't have a reason to think there will be anything better than new Apple ID (which protects your email). Therefore, why would I (as a user) use any new auth method? From my point of view, the auth problem is solved.

90 day policy is bullshit and even Microsoft started discouraging it. The solution is to abandon the 90 days policy not to reimplement the wheel of auth.