People consistently forget the human element when talking about what constitutes "good" security. Sometimes trading a small amount of entropy for a reduction in user friction has the effect of making a system functionally more secure, even if it is hypothetically easier to crack.
It might be easier for Microsoft's new passwordless options to be broken by some good social engineering, but its ease of use over relying on a password manager means users are more likely to abandon that sticky note on their monitor or their re-used easily guessable password.
It might be easier for Microsoft's new passwordless options to be broken by some good social engineering, but its ease of use over relying on a password manager means users are more likely to abandon that sticky note on their monitor or their re-used easily guessable password.