Who trusts Microsoft with their passwords, seriously?

And passkeys are even worse because they're user hostile, dev hostile, and stuck in a walled-garden.

Passwords and 2FA (TOTP or passkeys or something else, with a recovery code mechanism), not just passkeys, or GTFO.