> On the topic of authentication, it's solved. SSH nailed it, any further complexity is strictly worse.
Ever tried to SSH with a security key... through FIDO2? Or would you say that having your private key as a file on your computer is strictly better than having it in a security key? :-)
I use this very setup, it works great. Yubikey has supported resident keys for a while.