Passwords are not a secure method for users to auth to highly sensitive services like FMD. Passwords can be brute forced and/or phished. FIDO2 passkeys is the single best auth method with TOTP being the second best. I highly recommend that the FMD server should require for these to be provided instead of strictly passwords.