That’s a fair point.
Not really my area of expertise but I’d have thought a 2FA login ought to
be adequate.
The key itself is encrypted and only unlocked once the user is
authenticated. That way, even if the key is copied, the data remains
secure.