If you have an app that doesn't use password manager APIs like 1Password you are responsible for security breaches, not your users
1
0
0
0
0
...I will reconsider that decision if i can't use 1Pass to remember that password. Breaking workflows is bad and will change user behavior
Similarly, if you don't support 2FA or only support one 2FA app or one brand of security key. You're now more culpable than your users