
"Why of course I've picked a strong password, Mr. Sysadmin!" (password is "p4ssw0rd")

"Why of course I used a passphrase with my SSH key, Mr. Sysadmin!" (nope)



I'd still prefer ssh keys over a strong password. I don't know anyone who is perfect with regard to password sharing. Once you've memorized a wicked good password, there's a strong temptation to use it.

Say you've committed a really strong password to memory. One day, you find yourself setting up an account for some related service that you want to be super secure, but you're going to have to access it regularly. You decide to use your strong password. A year goes by and some hacker gains access to the said service's user database. Your super-strong password is now useless.

The great thing about ssh-keys is that the private key should be on your computer only. Generalized attacks don't go after single private keys, because you're only getting one set of credentials. If you're under focused attack, there are much easier attack vectors than trying to swipe a priv key from a dev's machine. If you can convince your dev to use passphrases on their ssh keys, you mitigate that attack vector as well.

Neither is perfectly enforceable, but using a passphrase with ssh-keys and ssh-agent is trivial. It's not perfect, but it's better than password auth.



