Comment by jpalomaki

It’s likely because the quick thought is that auth is just user table with hashed password.

Then when you really start thinking about it, the list of requirements grows.

Of course it’s still totally doable for an average developer, but takes time and mistakes can be catastrophic. And maybe the time is better spent developing stuff that differentiates you from others.