"locks you out the second the auth server goes down."
That's a problem with every authentication server.
It doesn't matter if you're using a password, some kind of two-factor dongle, a fingerprint scanner, or magical quantum entanglement, you still have to rely on something to authenticate your credentials.
Of course, you could have your authentication on your local machine, but then you have bigger problems than not being able to authenticate, when it goes down.
Biting the hand that feeds IT
