by Aldipower 1660 days ago
If you plan to store your private key on a device you can lose, the key itself should have a password too. So the attacker still needs a password to unlock the private key. This is actually a good idea in general. Securing the private key with a password.
3 comments

If you lose your key, make sure that local (not remote) login is the recovery method. Locking yourself out is a real thing.
Nitpick: passphrase, not password
Nitpick: if you have a password manager it doesn't matter
Well it kind of does... A password is validated, and if you lose it there is usually some recourse. Reset or whatnot. It may be a hassle but always possible somehow.

If you lose a passphrase, no one can help you even if you hit HN front page and /r/all with a sob story. So backups and availability have a different cruciality.

Also if you store a private key on the same medium as a password store with weak encryption or key that contains the passphrase, the key can't be considered as strong anymore.

There are practical reasons to make a distinction and mistakes can be expensive.

Thanks, yes, passphrase is the correct word. :)
passwords all the way down. /s