[Labs-l] 2-factor shell auth (was:second attempt to request alternative login server)

Wed Mar 6 18:45:30 UTC 2013

On Wed, Mar 6, 2013 at 10:19 AM, Matthew Walker <mwalker at wikimedia.org> wrote:
>> [removed garbage about password auth being wonderful...]
>
> I don't feel passwords are any more or less secure than keys. In some cases
> keys can be even less secure if you're doing agent forwarding.

Yes passwords are less secure than keys - egads.  The amount of
entropy in a key makes it impossible to brute force in this day and
age (https://www.youtube.com/watch?v=BA6kG-tOkBs) versus passwords
which have much less entropy.  You should still password protect your
key in case your laptop/key storage is accessed.

-- 
Leslie Carr
Wikimedia Foundation
AS 14907, 43821
http://as14907.peeringdb.com/