On Sun 11 Jan 2015 at 22:32:39 +0000, Iain M Conochie wrote:

> On 10/01/15 20:31, Brian wrote:
> >By all means advocate and use ssh keys. But at least provide some
> >substantial reason for spurning password login for that particular
> >situation. A blanket "don't use passwords" or "keys are better"
> >doesn't cut it.
>
> There are 3 (current) factors in authentication:
>
> 1. What the user knows
> 2. What the user has
> 3. What the user is
>
> These increase in security as you go higher up the number. So
> (assuming the implementation is secure) my fingerprint (being
> something I am) is more secure than a password. Also, an ssh-key
> (being something I have) is more secure than a password.

Both a password and a key are something the user is in possession of. A
fingerprint (a key, I suppose) is no more "me" than a password. I may be
being dense but I am having difficulties in following your argument and
the distinctions you are trying to make.

> In each case we have the _implementation_ to let us down. #1 is up
> to the user whereas #2 and #3 are up to the programmer. Who do you
> trust ;)

Sorry, I do not follow this either.