A new alternative to password logins, passkeys, is becoming available for major services. Passkeys let you sign in to services without using a password. A passkey can meet multifactor authentication requirements in a single step, replacing both a password and an OTP. The set of technologies that underpin passkeys, such as FIDO2, can also be used with SSH, with the caveat that this standard is so new as of this writing that major operating systems like macOS and Windows do not have built-in support for it.

A FIDO2 security key such as a YubiKey introduces a strong, user-friendly option for SSH authentication, offering multi-factor authentication (MFA) via hardware tokens. This YubiKey link has step-by-step instructions on how to set up SSH with FIDO2. On macOS, security key support is disabled in the OpenSSH distribution that ships with it; you will have to use Homebrew to install a current OpenSSH or compile the appropriate middleware.

FIDO2 support on Windows seems to be a future feature as well, but it can be used by downloading a beta release of PowerShell that includes it. Hopefully, future versions of these operating systems will include support by default to reduce friction on adoption.
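
Once FIDO2 keys are in use, the server side can check which `authorized_keys` entries are actually hardware-backed and which factors each one enforces. The following is an added example, not part of the original post: it goes beyond the text by reading OpenSSH's `sk-` key types and the `verify-required` / `no-touch-required` options, and the verdict labels and sample entries are constructed for illustration.

```python
# Added example (not from the original page); verdict labels are this example's own.
SK_TYPES = {"sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com"}

def _split(text, seps):
    """Split on separator characters that sit outside double-quoted option values."""
    parts, cur, quoted, escaped = [], "", False, False
    for ch in text:
        if ch in seps and not quoted:
            parts.append(cur)
            cur, escaped = "", False
            continue
        if ch == '"' and not escaped:
            quoted = not quoted
        escaped = ch == "\\" and not escaped
        cur += ch
    return [p for p in parts + [cur] if p]

def audit_line(line):
    """Classify one authorized_keys line; None for blanks, comments, malformed lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields, options = _split(line, " \t"), []
    if not fields[0].startswith(("ssh-", "ecdsa-", "sk-")):
        # A first field that is not a key type is the comma-separated option list.
        options = [o.split("=", 1)[0].lower() for o in _split(fields[0], ",")]
        fields = fields[1:]
    if len(fields) < 2:
        return None
    if fields[0] not in SK_TYPES:
        verdict = "software-key"          # private key is a file, no token involved
    elif "no-touch-required" in options:
        verdict = "fido2-no-touch"        # user-presence check waived for this key
    elif "verify-required" in options:
        verdict = "fido2-touch-and-pin"   # token possession plus PIN/biometric
    else:
        verdict = "fido2-touch-only"      # token possession plus a touch
    return {"type": fields[0], "comment": " ".join(fields[2:]), "verdict": verdict}

def audit(text):
    return [row for row in map(audit_line, text.splitlines()) if row]

# Constructed sample file; the base64 blobs are placeholders, not real keys.
SAMPLE = '''\
ssh-ed25519 AAAAC3placeholder alice@laptop
sk-ssh-ed25519@openssh.com AAAAGnplaceholder bob@yubikey
verify-required,from="10.0.0.0/8,192.0.2.7" sk-ecdsa-sha2-nistp256@openssh.com AAAAInplaceholder carol@yubikey
no-touch-required,command="echo \\"hi there\\"" sk-ssh-ed25519@openssh.com AAAAGnplaceholder ci@token
'''
```

Calling `audit()` on the contents of a real `authorized_keys` file returns one dictionary per key; only the `fido2-touch-and-pin` entries enforce both possession of the token and a PIN or biometric check on the server side.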