Indeed. Password auth was always easy to do, and it seems half the commenters here think that's all you need in modern times.

Then customers come and ask for SSO, SAML, OIDC, their niche auth protocol, 2FA, Pass phrases, etc...

And now your auth is a mess and a dedicated job to maintain and evolve.