There are tricks you can use to remember a strong password. As far as "trivial to intercept, easy to lose, not hard to guess", the point is mute over the network as long as the target system uses something like iptables rate limiting or MaxAuthRetries and LoginGraceTime in SSH.
If it's a local resource only then all an attacker needs is time and computing resources, but, that's true for key based authentication too.
If it's a local resource only then all an attacker needs is time and computing resources, but, that's true for key based authentication too.