Pretty reductive. The author even lists pros and cons for every alternative, as if every option is a shade of gray except email+password.
I'm not going to force users of my service to create a Google account, I'm not going to let Google decide whether a user's account should be banned on _my service_; and I'm not going to oblige users to sign using webauthn.
If you can't handle user authentication on your own, why should I trust that you're capable of any level of security or trustworthiness?
I will not use a service that doesn't offer email authentication. This is table stakes.
Maybe!
It depends on the audience and the importance of the account.
I have reached the point now that if you don't offer me email and password, then I will not use your service anymore.
That you might want to offer different options for different people, sure; but don't remove the password option. Let me use my generated email address so that if you sell my info i know i can't trust you anymore and let me manage my own security instead of some third party that does not have my personal privacy as their primary concern.