AEM really only supports Basic Authentication, and many commands in the cURL API also use Basic Authentication. The superuser 'admin' account also uses Basic Authentication. It seems overdue that AEM support more secure protocols, even if it's just two-factor.
cURL API and superuser functions primarily
Basic Authentication rules the day
Use at least two-factor, but preferably key/certificate base authentication.
Environment Details (AEM version/service pack, any other specifics if applicable):