by duskwuff
804 days ago
> Have to admit I've never understood why password auth is considered so much worse than using a cert

Password auth involves sending your credentials to the server. They're encrypted, but not irreversibly; the server needs your plaintext username and password to validate them, and it can, in principle, record them to be reused elsewhere. Public key and certificate-based authentication only pass your username and a signature to the server. Even if you don't trust the server you're logging into, it can't do anything to compromise other servers that key has access to.
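The property described in the comment above, as an added example that is not part of the original comment: a simplified Go model in which a server retains what it received during a login. The `Server` type, the `signedData` layout (session ID followed by username) and the sample password are assumptions made for illustration; this is not the SSH wire format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

// Server is a toy login server (hypothetical; not the SSH wire format).
type Server struct {
	password  string            // real servers keep a hash, but still receive the plaintext
	pub       ed25519.PublicKey // the user's authorized public key
	sessionID []byte            // fresh random value per connection
}

func NewServer(password string, pub ed25519.PublicKey) *Server {
	sid := make([]byte, 32)
	if _, err := rand.Read(sid); err != nil {
		panic(err)
	}
	return &Server{password: password, pub: pub, sessionID: sid}
}

// signedData binds a signature to one connection and one username.
func signedData(sessionID []byte, user string) []byte {
	return append(append([]byte{}, sessionID...), user...)
}

func (s *Server) PasswordLogin(pw string) bool {
	return subtle.ConstantTimeCompare([]byte(pw), []byte(s.password)) == 1
}

func (s *Server) KeyLogin(user string, sig []byte) bool {
	return ed25519.Verify(s.pub, signedData(s.sessionID, user), sig)
}

// Demo: server A keeps what it saw during a login and presents it to server B.
func Demo() (pwReplay, sigReplay, sigValidOnA bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	a, b := NewServer("constructed-pw", pub), NewServer("constructed-pw", pub)
	seenPw := "constructed-pw"                                      // plaintext A received
	seenSig := ed25519.Sign(priv, signedData(a.sessionID, "alice")) // signature A received
	return b.PasswordLogin(seenPw), b.KeyLogin("alice", seenSig), a.KeyLogin("alice", seenSig)
}

func main() {
	fmt.Println(Demo()) // true false true
}
```

The password A received is accepted by B, while the signature A received is valid only for A's own session, and the private key never left the client.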