At what points in life do we use a password or PIN to log in? On websites? Clearly! At ATMs? Of course! At the PC login? Probably. At the smartphone lock screen? Maybe.
And - hand on heart - how many of these passwords are really different? In many (or most) cases the same password is used for several different sites. This also means: if one of these passwords is compromised, i.e. becomes known, all the sites that share it are no longer protected from that date on. Many logins have to be changed quickly. But who knows exactly which forums, etc. you once registered with?
About 30,000 passwords are compromised per day, and over 53 million have been breached in total (source: https://breachalarm.com/) - and that's just the known part. We are therefore often forced to use long, complicated passwords, or to have them generated, in order to discourage so-called brute-force attacks (trying all likely or possible combinations). These passwords must then in turn be recorded and managed.
Therefore, many Internet services tend to use multi-factor authentication (MFA or 2FA). When logging in, for example, an SMS with a confirmation code is sent to your mobile phone, and the code must then be entered. While this method makes an attack more difficult for perpetrators, it is not very practical for everyday use. You need the smartphone at hand, and receiving the SMS always takes a few seconds. The security level also does not appear to be sustainable, because there have also been successful fraud cases.
Biometrics is also not completely safe in general. In addition, corresponding hardware is required at each point of authentication. The user is thus very limited in using this method and cannot use it in many situations, e.g. when logging in to an email account from a different device.