
Hmm. Yeah.

I’ve thought about it for the last few hours, and decided that the best solution is to just use RSA in the client.



How would that work? If you would use a private key to authenticate to the server, you would still need to protect this key with a password. Otherwise stealing the private key will get an attacker access to the server just as easily.


Well, you’d be 100% safe from MitM.

And you could use hardware key auth.

Like the German eID, where the key is signed by the government and sits on a special chip card.

The software requests the card to sign, you need to type in your PIN on the reader itself, and the request will be signed with RSA.

The public key is world-readable on the card, so you can just send that to the server.
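The sign-with-the-card flow described in this comment, as an added example in Go that is not from the thread or from the eID software: the server enrols the card's public key, hands out a random challenge, and verifies the RSA-PSS signature once only. The server-chosen nonce is my assumption (the comment does not say what is signed), and `Sign` stands in for the card, which in reality keeps the key on the chip behind the PIN.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Server holds the enrolled public key (read off the card and sent in once)
// and the challenges it has handed out but not yet seen answered.
type Server struct {
	pub    *rsa.PublicKey
	issued map[string]bool
}

func NewServer(pub *rsa.PublicKey) *Server {
	return &Server{pub: pub, issued: map[string]bool{}}
}

// Challenge issues a fresh random nonce. Having the card sign a server-chosen
// value (an assumption added here) is what keeps a captured signature from
// being replayed later.
func (s *Server) Challenge() ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.issued[string(nonce)] = true
	return nonce, nil
}

// Sign stands in for the card: in the real setup the private key never leaves
// the chip and the reader asks for the PIN before producing this signature.
func Sign(priv *rsa.PrivateKey, nonce []byte) ([]byte, error) {
	digest := sha256.Sum256(nonce)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Verify accepts a response only if the nonce was issued here, has not been
// redeemed before, and the RSA-PSS signature checks under the enrolled key.
func (s *Server) Verify(nonce, sig []byte) error {
	if !s.issued[string(nonce)] {
		return errors.New("unknown or already used challenge")
	}
	delete(s.issued, string(nonce)) // one-shot: burn it even if the check fails
	digest := sha256.Sum256(nonce)
	return rsa.VerifyPSS(s.pub, crypto.SHA256, digest[:], sig, nil)
}
```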



