Personally, I’ve never been a fan of the passwordless login system, you enter your email -> they send you an email -> click login. I’ve never been a fan, however, it works, it’s secure, and makes ease of use for the end user.
You don’t have to remember a ton of details, or worry about putting them into a phishing website.
The only difference is, security then becomes down to the end-user, how secure is your email, can someone get a hold of this, and do you have steps to get it back if anything happens.
Therefore I recently changed my email to another provider to offer me with 2 step authentication.
When it comes to the mobile, once you’ve authenticated a device, it then becomes the security of how secure your login is on that, how many people do you let on your phone… I personally don’t trust anyone and change my passwords for email and phone every 3-6 months.