Passwords vs Keys

🔒 Passwords: The Basics

Passwords are the most common way to prove your identity online. However, they need to be strong to protect your accounts. Here's what you need to know:

Best Practices:

• Use longer passwords (at least 8 characters).
• Mix it up with numbers, upper and lower case letters, and symbols.
• Avoid common words or simple substitutions.
• Never reuse the same password for different accounts.
• Change your passwords regularly.

🧐 Why Passwords Matter

Using weak or easily guessable passwords can put your accounts at risk. Attackers have many tricks up their sleeves to crack them.

💡 Password Managers to the Rescue

Password managers like KeePass, LastPass, and 1Password can make life easier:

🔑 KeePass: Keeps your passwords in a secure, encrypted database. Only remember one strong password.

🔗 KeePass

👉 To Install: brew cask install keepassxc

🔑 LastPass: Manage passwords online, across devices. Also, offers convenient browser plugins and mobile apps.

🔗 LastPass

🔑 1Password: A competitor to LastPass. Some prefer it due to its security features.

🔗 1Password

🔐 Public Key Authentication: The Advanced Way

For a higher level of security, you can use public key authentication. Here's how it works:

🔑 SSH (Secure Shell): Uses public key authentication to allow passwordless access to remote hosts.

📜 Steps to Set Up SSH:

1. Generate SSH keys with ssh-keygen -b 4096.
2. Copy your public key to the SSH server with scp.
3. Append the public key to authorized_keys.
4. Adjust file permissions with chmod.

Simple SSH Key Generate

# Generate SSH keys. Use the default file and empty passphrase for the keys.
ssh-keygen -b 4096

# Copy public key to SSH server
scp ~/.ssh/id_rsa.pub <HOST_NAME>:

# SSH to host
ssh <HOST_NAME>

# Append public key to authorized_keys
mkdir ~/.ssh
cat id_rsa.pub >> ~/.ssh/authorized_keys
rm id_rsa.pub

⚠️ Note: The private key should remain secret and have restricted file permissions.

🛡️ Advantages of Public Key Authentication:

• Enhanced security through cryptographic keys.
• Passwordless and non-interactive access.
• Avoids the risk of password cracking.

🚫 Disadvantages of Public Key Authentication:

• More complex setup.
• If the private key is compromised, it's a security risk.

🚀 Tips and Tricks

• Simplify login to different hosts using SSH config files.
• Set defaults for hosts so you don't need to enter the same details repeatedly.

📄 Sample SSH Config File:

Host my_host
    Hostname ec2-42-42-42-42.us-west-2.compute.amazonaws.com
    User ec2-user
    IdentityFile ~/.ssh/host_public_key.pub

👉 Now, you can connect with ssh my_host effortlessly.

🔑 Deliverable: Create SSH keys, add the public key to an SSH server, and test logging in without a password.

So, choose your authentication method wisely—passwords for simplicity or public keys for enhanced security. Stay safe online! 🌐🔐