[ndriscoll]

What's difficult about managing keys? I use key login with termux and if anything it's easier because typing passwords (or anything) on a phone is tedious.

Agree in general that people wildly overestimate the risk leaving things alone. e.g. nginx hasn't had a security advisory affecting basic http 1.1 serving static content without TLS in many years. And of course desktops are behind stateful firewalls.

[thot_experiment]

For me a big appeal of having a "home" environment on a VPS is that I can just do useful things from any computer-like device, that's not really possible with keys. Rather than fucking around with keys I can just SSH in from wherever and roll the password when I'm done. High entropy non shared passwords are just fine, you'll get your IP timed out after a couple attempts, nobody is throwing a botnet at bruteforcing my pass.