Re: Have I been hacked?

[Iain M Conochie <iain@thargoid.co.uk>]

On 10/01/15 20:31, Brian wrote:
> By all means advocate and use ssh keys. But at least provide some 
> substantial reason for spurning password login for that particular 
> situation. A blanket "don't use passwords" or "keys are better" 
> doesn't cut it. 

There are 3 (current) factors in authentication:

1. What the user knows
2. What the user has
3. What the user is

These increase in security as you go higher up the number. So (assuming 
the implementation is secure) my fingerprint (being something I am) is 
more secure than a password. Also, an ssh-key (being something I have) 
is more secure than a password.

In each case we have the _implementation_ to let us down. #1 is up to 
the user whereas #2 and #3 are up to the programmer. Who do you trust ;)

Iain