Not as hard to implement as some of the pipe dreams out there. Of course, it does require a degree of tech savvy on the part of users - and more importantly, enforcing it's use, to avoid laziness bypassing.
Then your challenge becomes certificate transport - you'll need a way to carry around your cert, or somehow get hold of it when you need it, which is easier said than done. The real advantage of passwords is their portability. Biometrics have a similar advantage, but as already noted - are a bit harder to revoke/change.
That means applying appropriate automation and scripting. (Don't overdo it - not all scripts need to be gold plated).
Decent documentation. (Which is easier: explaining or fixing a problem, or saying 'RTFM' and waving a hand dismissively - if TFM is up to scratch, they won't come back and bother you)
Tackle tasks that'll become a pain, before they're a pain.
The combination of these means I've had a fairly easy and productive live in 'systems admin', because I've never had a need to diddle with spreadsheets to look like I'm working.