[somishere]

Passwordless is great until it's not. You tend to need to be on same device / browser as your email for it to work seamlessly. It also adds mental debt, in that many multiple actions are required to proceed (personally find myself with irrational logout fear thanks to this).

Appreciate it seems like it answers all the questions but I think, in the end, it talks more to the developer than the user.

I say this as a major proponent of smarter 'dumb' auth, an earliesh adopter with passwordless, plus having run it as the primary login mechanism on a site with 25-150 new signups / day for nearly three years.

Looking forward to more widespread adoption/availabilty of webauthn, embedded (consumer) security features, etc.