Yes, but a password is a shared secret. So both you and the person you are interacting with need the password and therefore it is more vulnerable. With a past key, only you have the private key and the company or service you are interacting with never has access to the secret. Basically, they encrypt a message to you using your public key and then your private key decrypts it and sends them a response back with the correct answer.