Sure. I'm not saying it's not better to use public key authentication (it is!). Just that it's still possible to have problems.