This isn't HTTP Basic Auth, though: these days git with the right Credential Managers (and Git for Windows comes with a good one built in) support OAuth Access Tokens obtained with full OAuth login flows including 2FA authentication. It's theoretically no worse than SSH PKI, and in terms of practicality is often better because it is easier and more convenient. (For the users at least; it is clearly more complex than "install openssh" to implement if you are trying to build a git host that supports OAuth Access Token auth.)
Recently I helped someone get set up with VS Code and Git, and it subverted all of my preparations by simply popping up an OAuth window to authenticate.
They instead used the GitHub app and their GitHub password. I didn't see any interaction with an SSH key.
I am not sure how I feel about that. Something seems not right about it.