I tried ditching passwords, but the alternatives feel even more complicated
At a glance:
- Google's Verified Email feature aims to eliminate OTP verification loops but requires Gmail accounts and doesn't work with "Sign in with Google"
- Passkeys replace password memorization but still require similar authentication steps and can be disrupted by prompts to create new passkeys
- Passwordless authentication remains fragmented across platforms, creating confusion despite technological advances
The promise of passwordless authentication
Despite the growing number of passwordless authentication options like Google's Verified Email feature and passkeys, the reality of implementing these solutions often falls short of the promised simplicity. The author, having always been excited about ditching complex passwords, decided to test these new authentication methods. On paper, passwordless solutions should work seamlessly, making account logins simpler and almost single-tap. However, the user experience proved to be much more fragmented than expected, with inconsistencies that derailed the entire experiment.
The reality of password reuse
In 2026, many people are still reusing a single password across multiple accounts. While password managers exist, they remain primarily used by more technically inclined users. Tech companies often overlook this ground reality when designing authentication systems, assuming users already use password managers and understand multi-factor authentication. In many regions, second-factor authentication is already forced upon users through basic SMS OTPs by institutions like central banks to prevent fraud. This creates a significant gap between ideal authentication practices and real-world usage, where password reuse wins due to its predictability and simplicity.
The chore of traditional authentication
The traditional authentication process involves entering an email ID, a unique password, then verifying through an email app or third-party security app to retrieve a TOTP. While this multi-step process offers security, it's also quite tedious despite the presence of password managers. The author expresses excitement whenever companies introduce ways to eliminate second-factor authentication without compromising security, only to be disappointed when the implementation falls short of expectations. This cycle of hope and disappointment has become a pattern for those attempting to transition to passwordless systems.
Passkeys: Not as simple as they seem
When the author switched their primary Google account to use passkeys instead of the regular email-and-password setup, they quickly realized they were going through almost the same number of authentication steps. Passkeys claim to replace password memorization, but the author notes they don't remember their passwords anyway, thanks to their password manager. The real frustration came when trying to log into their Microsoft account, which repeatedly prompted them to create a passkey. Even after setting up the passkey, the system still required traditional OTP verification, raising questions about what had actually been simplified.
Google's Verified Email feature: Limitations and constraints
Google's Verified Email feature uses Android's Credential Manager API to bypass the email verification process, eliminating the need to leave an app, check email, copy an OTP, and paste it back. However, this feature comes with significant limitations. It requires a Gmail account, making it non-universal. It doesn't work with the "Sign in with Google" feature, and existing accounts with second-factor authentication already in place aren't supported. Additionally, the authentication is device-specific, lacking cross-device functionality. These constraints create a fragmented authentication landscape that contradicts the goal of simplification.
The path forward for passwordless authentication
After experimenting with passwordless options, the author concluded that the technology already exists to go passwordless today. The real challenge is making authentication disappear into the background for all users, not just those already using password managers. Mainstream adoption requires solutions that are as convenient and consistent as reusing a single password. The FIDO Alliance aims to address this but has so far offered a fragmented approach. With Android's global reach, Google is uniquely positioned to pioneer passwordless authentication that works across all user segments, potentially making passwordless methods mainstream if it can create a cohesive, universal system.
Conclusion
The journey toward passwordless authentication reveals a fundamental tension between technological capability and user experience. While companies like Google are making strides with features like Verified Email and passkeys, the current implementation remains too complex and inconsistent for widespread adoption. Until authentication becomes as simple and universal as password reuse, many users will likely stick with the familiar, albeit less secure, traditional methods. The future of passwordless authentication depends on creating systems that work seamlessly across platforms and for users at all technical skill levels.
Prepared by the editorial stack from public data and external sources.