Will this tech really kill passwords? 2FA is still the better choice