> a "password in a file" would be the private key, but even that isn't really a good comparison, because you never transmit your private key
Since at least the 1980s (Kerberos), and dial-up modems used CHAP in 1996, you have been able to authenticate via a password without transmitting the password.
There are even better algorithms that use passwords, without transmitting or storing them on the server. For example, the server can store a salted bcrypt of the password. Upon login, the server generates a random number (the challenge) and sends that to the client, along with the salt the server has chosen for this user. The client then computes and sends:
`H(H(Hs(password, salt)), challenge) xor Hs(password, salt)`
The server can verify that without having the password transmitted, or stored on the server.
You would be correct to say that *sending plaintext passwords over the network (1970s style)* is much less secure than public keys. You can certainly use passwords without sending them over the network, though - that issue has been solved for decades.
> Plus, even shitty private keys (1024 bits) are way stronger, entropy-wise, than a password so there's that, too.
Much like a LONG password (pass sentence).
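
Added example, not part of the comment above: a sketch of the challenge-response exchange it describes, showing both the client's proof and the server's check. It assumes `H` is SHA-256 over concatenated inputs, uses PBKDF2-HMAC-SHA256 as a standard-library stand-in for bcrypt as `Hs`, and assumes the server keeps `H(Hs(password, salt))` as its stored verifier; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

def slow_hash(password: str, salt: bytes) -> bytes:
    # Hs: assumption, PBKDF2-HMAC-SHA256 standing in for bcrypt (stdlib only).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def H(*parts: bytes) -> bytes:
    # H: assumption, SHA-256 over the concatenation of its arguments.
    return hashlib.sha256(b"".join(parts)).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def enroll(password: str):
    # Server side at registration: keep the salt and H(Hs(password, salt)) only.
    salt = secrets.token_bytes(16)
    return salt, H(slow_hash(password, salt))

def new_challenge() -> bytes:
    # Server side at login: fresh random challenge, sent along with the salt.
    return secrets.token_bytes(32)

def client_proof(password: str, salt: bytes, challenge: bytes) -> bytes:
    # Client side: H(H(Hs(password, salt)), challenge) xor Hs(password, salt)
    k = slow_hash(password, salt)
    return xor(H(H(k), challenge), k)

def server_verify(verifier: bytes, challenge: bytes, proof: bytes) -> bool:
    # Unmask the candidate Hs value, then check that it hashes to the verifier.
    if len(proof) != len(verifier):
        return False
    candidate = xor(proof, H(verifier, challenge))
    return hmac.compare_digest(H(candidate), verifier)

def demo():
    password = "correct horse battery staple"  # constructed sample value
    salt, verifier = enroll(password)
    challenge = new_challenge()
    proof = client_proof(password, salt, challenge)
    accepted = server_verify(verifier, challenge, proof)
    wrong = server_verify(verifier, challenge,
                          client_proof("wrong guess", salt, challenge))
    # A captured proof replayed against a new challenge must not verify.
    replayed = server_verify(verifier, new_challenge(), proof)
    return accepted, wrong, replayed

if __name__ == "__main__":
    print(demo())
```

In this construction the proof is `Hs(password, salt)` masked with a value derived from the stored verifier, so anyone holding both the verifier and a captured exchange can unmask it; the verifier table still needs protecting.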