Apparently user cannot change the password at the moment. Given that the 2FA is also not supported, this is a critical security vulnerability.

Passkey would also be a good option to have.