'Passwordless' Just Single-Factor

I've seen a lot of apps advertising 'passwordless' authentication, even Microsoft uses it. However it always appears to just be implemented as literally a 'something-you-have' factor, as in basically an access code they send to your email or device?

How is this more secure than having a password + device? I understand having to remember a password is annoying and prone to having it written down, but if you enforce MFA it seems much more secure.

access advertising apps authentication code cybersecurity device email factor lot microsoft password passwordless send single understand