Hacker News

This is so infuriating. NIST has been advising against it for years by now and even Microsoft switched the official stance last year or so, but it still keeps being done out of inertia. It's also still in the AWS best practices (I unsuccessfully tried to argue against introducing it for our accounts).

Though, to be honest, at this point I believe that humanity should just abandon passwords for all but the most unimportant of things (e.g. your account on some hobbyist forum); at this point they just have too many downsides and most people seem to be unable to handle them properly.


