Great perspective, thank you for sharing. I might agree with this statement in the context of consumer authentication - when I am accessing my personal apps, websites, etc. Especially e-commerce is sensitive to login friction.
In my opinion in the business / workplace setting, "simple" has additional context to consider, such as how do you distribute a password to an employee, how do you pair password with MFA, how you manage the user records, what happens when employee forgets the password, who do you call when you need to reset a password or MFA, etc.
Therefore taking a mobile app and scanning a QR code to login is not quite hard after all...
I hear what you are saying, but I think this comment in conjunction with the parent comment speak to the bigger issue which is how do you make something easy for both IT and the end user? Yes, a solution like this may make it easier for IT to set things up and support their users but I have had the same experience as OP with similar products at companies I’ve worked at. Logging into a system now means I have to find my phone, unlock it, open the app, scan the code, and provide a biometric (or passcode) again. That’s if everything goes smoothly I might be prompted to change my phone’s password if I’m using a company phone with a password change policy, something might happen with a redirect or the app. Now I’m completely out of the zone of what I was working on.
Or I can have SSO or a password manager and be logged-in in less time then it takes me to grab my phone. As an end user I would much prefer the latter.
In my opinion in the business / workplace setting, "simple" has additional context to consider, such as how do you distribute a password to an employee, how do you pair password with MFA, how you manage the user records, what happens when employee forgets the password, who do you call when you need to reset a password or MFA, etc.
Therefore taking a mobile app and scanning a QR code to login is not quite hard after all...