It’s not only bad passwords you’re battling against but social engineering and poor administrative practices.

I’m comfortable with telling people to turn off password auth on their sshd’s and treat password auth as the exception rather than the rule.

Also, it’s generally a nicer user experience.