That's my point - if you have a reasonably secure password (let's say 50-100 characters, fully random), it's extremely unlikely that anyone is ever going to even get beyond the basic auth prompt.
Then you should also be worried about bugs that let you log into an SSH session without providing your SSH certificate, passkey or whatever. Authentication bypass can happen with pretty much any buggy authentication method. None of this is inherently a problem of passwords or basic auth.
