Doesn't work that way. Passwords are inferior but still a strong layer of defense. You are putting all your eggs in one basket again. The lesson from passwords is that a single factor of authentication is inherently inferior to multiple factors of authentication. From a threat actor's perspective, even a yubikey is a matter of one well planned attack (physical, compromised host,etc) and by nature newer factors of auth don't get treated with hostility like with passwords. They are better than passwords but what I see is people moving away from MFA to only a yubikey for example. Like you are now one lost yubikey away from your whole company getting owned lol.
Your face and thumbprint can easily be reproduced. There is even a guy that took a photo of a politicians' finger from a mile away and used that to forge their fingerprint. Even without going technical your dopplegangers can bypass face auth lol. You can guess spray pins and push notification codes. The one thing you can count on is someone will find a way around any good passwordless solution. For example, there is a "rdp in browser" phishing where a browser in the attackers vm does the actual auth but the user thinks it is in their browser so most passwordless methods are defeated by cookie theft like that.