Registration and authorization exist independently of the existence of the user and from each other. If an action needs to be performed on an entity, this action must not be performed by the entity itself. Letters do not send themselves, users themselves do not create a record in the database (they do not think about the database at all). IMHO, it's wiser to share.

On the other hand, registration and authorization is what is needed only for the user. and therefore it does not make much sense to single it out as a separate system.
I am inclined to believe that these systems should be subsystems of the system of work with users.

That registration, that authorization - I would make them static methods of the user class, which as a result return an instance of this class.

Looking what entities you operate. If there is a user entity, then is it possible to say that it has different View modes - like authorization and registration? I think in your case vryatli.
Registration is an entity that registers (or creates) a new user of the system.
Authorization is an entity that finds the required user of the system by the specified identifiers and authorizes him.
They require different models. It's just that the stars converged in the sky, that both entities can have username and password fields, for example. This does not mean that they are the same. Not always the feeling that makes you highlight some similar parts is worth trusting.
Always do the right thing.
In the end, authorization does not always require a username and password (authorization through third-party services, for example).

Registration/authorization is definitely not a part of the user abstraction, because they can create/change the properties of the user entity, but by themselves do not describe any information about the user and do not describe any of his actions (in the sense that it is not the user who registers/authorizes someone , and it requests these actions from the system). They are just the functionality of the system.