Password manager users living life on easy mode.
But you know what’s the safest way for us to keep your password safe? Not asking for one to begin with. By not creating a password with us you have no risk of it leaking, and we don’t have to deal with the responsibility of keeping it secure. The sign in link is going to your email, which presumably is protected with two-factor authentication, if you have it set up (which you should!).
https://www.404media.co/we-dont-want-your-password-3/
They had a follow-up later too (paywall)
Recently finished a side project and I was glad I could go with pure login/pass auth. No email no oauth, just a pass phrase for account recovery. It's refreshing and so damn simple.
Very few things on the internet and computer actually need accounts. Everything requiring a login is a cancer.
Yes and no. In most cases it is used to limit misuse somewhat, but I absolutely agree that it's getting out of hand. God bless trashmails.
A lot of motherfuckers typing in code with a keyboard need a beating with said keyboard.
If a programmer can’t get a login form right they need permabanned from ever shipping another release.
It's over the phone, but the "We'll send you a text to confirm your identity if you provide a phone number." has got to be one of the stupidest wastes of time.
Also, those stupid annoying modern login pages where it just asks for your email, then refreshes to a page with a password, because the password managers are hit and miss on detecting the login form when it does that shit and why the fuck are we doing an extra step page anyway????
Worst one I've seen: username and password plus a 2FA email, BUT if you hit enter instead of clicking the last button it refreshes the page.
I can imagine that the sites want to validate that you still have access to the email associated with the account, and asking people to check their settings is annoying, and they know no one will do it. I can also imagine that sites want to know as much about you as possible, don't want you to be using burner email addresses, and are probably selling the fact that your email address can still receive email to marketing firms who compile that info.
Annual/routine email verification fills that need, though. For the sites I do support desk for, an email verification link is sent during account creation and then annually. If the email address is not verified then on login the account holder is prompted to either resend the verification link or change it and verify the new email.
On the other end, there is an excessive use of 2FA with systems for whom the concept of SSO seems to be a foreign thing. It's also sort of funny that 2FA can just mean using a TOTP capable password manager, reverting it back to one factor.
Passkeys or oauthn/fido. I just can’t believe we’re still talking about passwords in 2025 when these very robust, user friendly features have been widely available for years.
Magic link only is the worst kind of login system. However, I don’t know any big real companies that use this.
If you don’t like passwords, just use passkeys.
Slack (except when with SSO). You have to go out of your way to find the settings page outside of the client to set a password.
Booking.com (at least in Germany) has only used magic links for some time now. I hate it.