The only reason probably if some accounts already have a password and you want to support it. If you're building a new app, I'd also go for WebAuthn / passkeys-only and use some other passwordless method (e.g. social login/OIDC or email magic links as fallbacks)