@abucci@anthony.buc.ci in a personal case, in 2022 I explored client certificates, (I can’t recall who suggested that, it was you?).
I think it’s amazing for corporates and perhaps power users. Anyway, I think it’s too obscure for a normal employee who doesn’t understand what’s going on.
For something closer to the current Web experience I think Webauthn/Passkeys will be slightly simpler to use and to implement, due to the support of main OS and integrated security hardware in PCs and Phones. Or you can use a USB device which is closer to a “car key” being the physical aspect easier to understand than an abstract encryption technology IMO.
But as they say, why not both?