Here's a brief overview of the 2 options you have around client security: passwordless accounts and passworded accounts.
Here's how you can enable passwordless sign-in for a client.
Once you send a questionnaire to this client (can be an open item or reminder), the client would receive the following email (with your firm's white labeling), where they can click a link to automatically sign in and redirect the client to the questionnaire. For security purpose, this link expires after 1 hour.
If the above link is expired, it will show 2 options for the client to continue.
If client selects "Send new link to email", a new link will be sent to the client's email. This link also expires after 1 hour.
If client selects "Send verification code via SMS," we will send a 6-alphanumeric code to client's phone. For security purpose, the verification code expires after 5 minutes.