Hacker News
by raxxorraxor 1105 days ago
Not really sure if that is really cleverer to be honest. I think passwords and the common password reset via capability URL is pretty fine. I use stronger credentials for banking and everything else is pretty much only protected by password. I also do cherish the privacy advantages of not using a login provider. I had accounts suspended for no reason and this dependency is just not acceptable.

Even banking with device bound credentials is a hassle every time you switch devices or you picked up the wrong phone.

I have some apps using login with Microsoft because users are logged in anyway in a corporate environment and it is practical to provide SSO. Here accounts might also be closed and access needs to be withdrawn. Practical to do so centrally.

But for cleverness I still believe nothing beats a secret in your head. Quick, fast, secure. OAuth is a mess, so I doubt passwords will be outdated anytime soon.