> You probably use an easy-to-remember password on SSH keys since you have to type them often

No, use ssh-agent and decrypt once per boot.

> Instead, set up SSH certificates, MFA, Yubikey, or TPM/Enclave storage for your private keys.

Granted, I agree with this, too.