I have reached the point now that if you don't offer me email and password, then I will not use your service anymore.
That you might want to offer different options for different people, sure; but don't remove the password option. Let me use my generated email address so that if you sell my info i know i can't trust you anymore and let me manage my own security instead of some third party that does not have my personal privacy as their primary concern.
This! Absolutely. I can't stand neither social login or magic link both of those are a pain. Password manager are a thing for a reason, just give me username+password or email+password + application based 2fa and thats it. Webauthn will be good at some point when everyone settled on how to use it properly (and as long as its paired with other way of logging in)
Pretty reductive. The author even lists pros and cons for every alternative, as if every option is a shade of gray except email+password.
I'm not going to force users of my service to create a Google account, I'm not going to let Google decide whether a user's account should be banned on _my service_; and I'm not going to oblige users to sign using webauthn.
That you might want to offer different options for different people, sure; but don't remove the password option. Let me use my generated email address so that if you sell my info i know i can't trust you anymore and let me manage my own security instead of some third party that does not have my personal privacy as their primary concern.
I'm not going to force users of my service to create a Google account, I'm not going to let Google decide whether a user's account should be banned on _my service_; and I'm not going to oblige users to sign using webauthn.
I will not use a service that doesn't offer email authentication. This is table stakes.
It depends on the audience and the importance of the account.