aungkohtat

Passwords vs Keys

🔒 Passwords: The Basics

Passwords are the most common way to prove your identity online. However, they need to be strong to protect your accounts. Here's what you need to know:

Best Practices:

  • Use longer passwords (at least 8 characters).
  • Mix it up with numbers, upper and lower case letters, and symbols.
  • Avoid common words or simple substitutions.
  • Never reuse the same password for different accounts.
  • Change your passwords regularly.

🧐 Why Passwords Matter

Using weak or easily guessable passwords can put your accounts at risk. Attackers have many tricks up their sleeves to crack them.

💡 Password Managers to the Rescue

Password managers like KeePass, LastPass, and 1Password can make life easier:

🔑 KeePass: Keeps your passwords in a secure, encrypted database. You only need to remember one strong password.

🔗 KeePass

👉 To install (KeePassXC, a KeePass-compatible client, via Homebrew): brew install --cask keepassxc

🔑 LastPass: Manage passwords online, across devices. It also offers convenient browser plugins and mobile apps.

🔗 LastPass

🔑 1Password: A competitor to LastPass. Some prefer it due to its security features.

🔗 1Password

🔐 Public Key Authentication: The Advanced Way

For a higher level of security, you can use public key authentication. Here's how it works:

🔑 SSH (Secure Shell): Uses public key authentication to allow passwordless access to remote hosts.

📜 Steps to Set Up SSH:

  1. Generate SSH keys with ssh-keygen -t rsa -b 4096.
  2. Copy your public key to the SSH server with scp.
  3. Append the public key to authorized_keys.
  4. Adjust file permissions with chmod.

Simple SSH Key Generation

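# Generate SSH keys. Use the default file and empty passphrase for the keys.
# -t rsa is explicit because recent OpenSSH releases default to Ed25519,
# which would write id_ed25519 instead of the id_rsa used below.
ssh-keygen -t rsa -b 4096

# Copy public key to SSH server
scp ~/.ssh/id_rsa.pub <HOST_NAME>:

# SSH to host
ssh <HOST_NAME>

# Append public key to authorized_keys (run these on the remote host)
mkdir -p ~/.ssh
cat id_rsa.pub >> ~/.ssh/authorized_keys
rm id_rsa.pub

# Adjust file permissions
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys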

⚠️ Note: The private key should remain secret and have restricted file permissions.
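
OpenSSH ignores keys whose files have loose permissions, which is why the chmod step and the note above matter. The following is an added example, not part of the original post, that audits an SSH directory for the modes OpenSSH rejects; the function names mode_of, has_bits and audit_ssh_dir are made up for this sketch, and the demo key file is constructed.

```shell
#!/bin/sh
# Print a path's permission bits in octal (GNU stat, then BSD/macOS stat).
mode_of() {
    stat -L -c %a "$1" 2>/dev/null || stat -L -f %Lp "$1"
}

# Succeed if any bit of octal mask $2 is set on path $1.
has_bits() {
    [ $(( 0$(mode_of "$1") & 0$2 )) -ne 0 ]
}

# Audit directory $1 (default ~/.ssh); print one line per finding and
# return non-zero if anything was found.
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    problems=0
    # sshd with StrictModes (the default) ignores authorized_keys when the
    # directory or the file is writable by group or others. It also checks
    # the home directory, which this sketch does not cover.
    for p in "$dir" "$dir/authorized_keys"; do
        [ -e "$p" ] || continue
        if has_bits "$p" 022; then
            echo "WRITABLE_BY_OTHERS $p ($(mode_of "$p"))"
            problems=$((problems + 1))
        fi
    done
    # The ssh client refuses a private key that group or others can access.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if head -n 1 "$f" 2>/dev/null | grep -q 'PRIVATE KEY-----' &&
           has_bits "$f" 077; then
            echo "PRIVATE_KEY_EXPOSED $f ($(mode_of "$f"))"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Constructed demo: a throwaway directory holding a world-readable "key".
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' > "$demo/id_rsa"
chmod 644 "$demo/id_rsa"
audit_ssh_dir "$demo" || echo "fix with: chmod 700 <dir>; chmod 600 <key file>"
rm -rf "$demo"
```

Run audit_ssh_dir with no argument on both the client and the server account to check the real ~/.ssh.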

🛡️ Advantages of Public Key Authentication:

  • Enhanced security through cryptographic keys.
  • Passwordless and non-interactive access.
  • Avoids the risk of password cracking.

🚫 Disadvantages of Public Key Authentication:

  • More complex setup.
  • If the private key is compromised, whoever holds it can log in as you until the matching public key is removed from authorized_keys.

🚀 Tips and Tricks

  • Simplify login to different hosts using SSH config files.
  • Set defaults for hosts so you don't need to enter the same details repeatedly.

📄 Sample SSH Config File:

Host my_host
    Hostname ec2-42-42-42-42.us-west-2.compute.amazonaws.com
    User ec2-user
    # IdentityFile takes the private key, not the .pub file
    IdentityFile ~/.ssh/id_rsa

👉 Now, you can connect with ssh my_host effortlessly.

🔑 Deliverable: Create SSH keys, add the public key to an SSH server, and test logging in without a password.

So, choose your authentication method wisely: passwords for simplicity or public keys for enhanced security. Stay safe online! 🌐🔐
