I've worked my way through the SSH setup, and am able to log in to my new droplet via a terminal window, as well as my Transmit app on my Mac. However, when I attempt to do the same from the DO Console, it asks me for a password. I did not set up a password in the SSH.
Everything looks correct, but obviously, I am missing something?
The web console does not use SSH. To your droplet it appears as a local keyboard and mouse so you are not able to use ssh keys to authenticate. If you run passwd once you are logged in via ssh you will be able to create a root password on your droplet to use for web console logins and for using sudo while still using key only authentication for ssh.
This is what I figured was the case, but then what is the purpose of the SSH key creation in my DO account screen? It appears to be the Public Key?
This feature allows you to add your public key to your account so it can be automatically inserted into new droplets you create. Since the console does not use ssh your ssh keys and configuration have no effect on the console.
If you do this, doesn't it undermine the whole SSH key protection as one could try to hack through to your VPS through the password?
It does not. The recommended setup is to set a password for root (or another account with sudo) but to only allow key based authentication for the ssh service. This way only "local" logins are allowed with a password.