Password was a good idea for “verifiable information”, which basically says you are you. “Passwordless” login just funels a million pieces of separate “verifiable information” down to one , your email account. Remember, passwordless login still uses access tokens, the only difference is that they are now generated by verifying email instead of username/password pairs. If you do password the right way (NEVER use the SAME password for ALL accounts), statistically speaking, the “cost” of potential attack on passwordless login is much larger, because hack one and you got it all.
The safest (stupidest) way to authenticate a person is to meet him/her in person. This might not even make sense on the Internet because your identity is not based your physical existence (probably a bunch of selfies and status updates). The best alternative is to make you think of some weird stuff (password) only you will know, and based on the fact that you are such a weird person (know your password), you must be the one I am referring to. So before the philosophical model of authentication can be changed or replaced, I will say password is still a safe bet.