The technology of passwords has been around for millennia, never perfect, not terrible enough to throw out wholesale. As I said somewhere else, the democracy of authentication, the best of several imperfect options. Certainly I'm not securing anything of mine behind my phone (can be broken) or my face (can also be broken) on a proprietary system under Google's fickle control, when my brain is less likely to be broken (and if it's not, I'll have much bigger problems to worry about than getting into my accounts).