A cool path I recently tried myself is passwordless authentication using magic links. It’s a very easy to do solution too.
I would also say one is enough. The one I mentioned for example, all the user needs is an email, and since users are mostly expecting you ask them their email anyways, that’s ok. The downside would be that some users might not like to have to open an email to log in and it will generate some churn for you. But that’s life. 
