[ikiris]

No, you should use short lived certificates, ideally locked inside hardware tokens and 2fa.

This is just snake oil that doesn't actually add protection.

[chousuke]

But it does help; in most cases, it requires no effort whatsoever, in contrast to using something like SSH certificates which may not even be possible, depending on the environment.

There's no such thing as perfect security, but that doesn't mean you shouldn't lock your door.