[acdha]

There’s plenty of inertia but if you haven’t tried it, the experience on Apple devices is pretty easy to understand and fast: “Do you want to sign in with Face ID for the web?” takes less time than weakening your password to suit some site’s policy, and it’s much faster and easier than dealing with any other form of MFA. At least for sites required to have MFA, that inertia is going to win out faster than we think because ordinary people hate things like TOTP codes and stuff like SMS/email codes will trigger accessibility complaints.