I was surprised when it happened to me too, but it seems to be an anti-feature that has been rolling out for some time now[0]. The ability to use a password has vanished completely.

The thing that makes it particularly egregious is that Booking.com is literally designed to be used on the road, from any location anywhere, on any weird device you might have access to at the time. There's no guarantee that whatever janky airport wifi allows IMAP, or that your phone can receive SMS in whatever country you're in. Forcing 2FA - or now apparently just the "1FA" of magic link/OTP - has made the service useless for its primary purpose.

[0] https://old.reddit.com/r/Bookingcom/comments/1hl055b/cannot_...