 Did you know that you can log users into your application without using a password? Passwordless authentication is the process of verifying the user's identity with something other than a password. You can use FIDO slash web authentication, which leverages biometric capability on devices like Face ID and Touch ID for example. You can also use magic links, which will have the user into their email address. It will send them an email with a link to click to log in, or you can use one time passcode, which is similar to a magic link, but in this scenario it sends a code to the email or to someone's mobile phone and they have to enter that code to log in. Or you can use push notifications that will send a notification to a user's dedicated authenticator app, and this gets repeated every time that the user wants to log in. If you want to learn more about passwordless authentication, check out the link in the comments and this has been Identity in a Minute.