Re: Have I been hacked?
On 10/01/15 20:31, Brian wrote:
By all means advocate and use ssh keys. But at least provide some
substantial reason for spurning password login for that particular
situation. A blanket "don't use passwords" or "keys are better"
doesn't cut it.
There are 3 (current) factors in authentication:
1. What the user knows
2. What the user has
3. What the user is
These increase in security as you go higher up the number. So (assuming
the implementation is secure) my fingerprint (being something I am) is
more secure than a password. Also, an ssh-key (being something I have)
is more secure than a password.
In each case we have the _implementation_ to let us down. #1 is up to
the user whereas #2 and #3 are up to the programmer. Who do you trust ;)
Iain
Reply to: