
While the single point of failure (especially for browser cookies) can be an issue, handing authentication and associated bookkeeping to an entity that does that, instead of plugging your own essentially least-viable-product-level auth on top of every service, is a win.

If everyone did authentication well, then centralized IDPs might be questionable from a computer security perspective. But most aren't doing it well.

On top of that, humans generally work best if they don't have to remember lots of truly random passwords. I.e. in realistic settings, there's a maximum of expected passwords either way. And the true gain of having dedicated auth everywhere is minor.

There's some consideration for things like FIDO/WebAuthn/PassKeys, but they mostly just shift the issue from a single provider in the cloud to a single (hardware) token. Harder to copy than browser cookies, but still a single point unless it's combined with MFA.



