[paulryanrogers]

Passwordless systems are shitty in all kinds of ways: difficult for users to understand, must have multiple hardware tokens, rely on 3P (who likely needs a password anyway), lock in to one vendor, difficult to recover from lost device, sometimes uses derived values--putting all past and future values at risk.

They'll have an answer for every critique, but they're usually weak responses that assume tech literate users.