🔒 Passwords: The Basics
Passwords are the most common way to prove your identity online. However, they need to be strong to protect your accounts. Here’s what you need to know:
Best Practices:
- Use longer passwords (at least 8 characters).
- Mix it up with numbers, upper and lower case letters, and symbols.
- Avoid common words or simple substitutions.
- Never reuse the same password for different accounts.
- Change your passwords regularly.
🧐 Why Passwords Matter
Using weak or easily guessable passwords can put your accounts at risk. Attackers have many tricks up their sleeves to crack them.
💡 Password Managers to the Rescue
Password managers like KeePass, LastPass, and 1Password can make life easier:
🔑 KeePass: Keeps your passwords in a secure, encrypted database. You only need to remember one strong password.
👉 To Install: brew install --cask keepassxc
🔑 LastPass: Manage passwords online, across devices. It also offers convenient browser plugins and mobile apps.
🔑 1Password: A competitor to LastPass. Some prefer it due to its security features.
🔐 Public Key Authentication: The Advanced Way
For a higher level of security, you can use public key authentication. Here’s how it works:
🔑 SSH (Secure Shell): Uses public key authentication to allow passwordless access to remote hosts.
📜 Steps to Set Up SSH:
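- Generate SSH keys with ssh-keygen -t rsa -b 4096 (recent OpenSSH releases default to Ed25519, so -t rsa is needed to get the id_rsa files used here).
- Copy your public key to the SSH server with scp.
- Append the public key to authorized_keys.
- Adjust file permissions with chmod.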
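Simple SSH Key Generation
# Generate SSH keys. Use the default file and empty passphrase for the keys.
# -t rsa makes sure the key files are named id_rsa / id_rsa.pub, as used below.
ssh-keygen -t rsa -b 4096
# Copy public key to SSH server (<user>@<host> is a placeholder for your login and server)
scp ~/.ssh/id_rsa.pub <user>@<host>:
# SSH to host
ssh <user>@<host>
# Append public key to authorized_keys (run these on the server)
mkdir -p ~/.ssh
cat id_rsa.pub >> ~/.ssh/authorized_keys
rm id_rsa.pub
# Adjust file permissions so only your user can access the directory and key list
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys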
⚠️ Note: The private key should remain secret and have restricted file permissions.
🛡️ Advantages of Public Key Authentication:
- Enhanced security through cryptographic keys.
- Passwordless and non-interactive access.
- Avoids the risk of password cracking.
🚫 Disadvantages of Public Key Authentication:
- More complex setup.
- If the private key is compromised, it’s a security risk.
🚀 Tips and Tricks
- Simplify login to different hosts using SSH config files.
- Set defaults for hosts so you don’t need to enter the same details repeatedly.
📄 Sample SSH Config File:
Host my_host
    Hostname ec2-42-42-42-42.us-west-2.compute.amazonaws.com
    User ec2-user
    # IdentityFile names the private key; the .pub file is what goes on the server
    IdentityFile ~/.ssh/id_rsa
👉 Now, you can connect with ssh my_host effortlessly.
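To check the permission and config points above, here is an added example (not part of the original page) that audits an SSH directory: it flags a group/world-writable directory or authorized_keys, a private key accessible beyond its owner, and an IdentityFile entry that names a .pub file. The function names and the throwaway demo directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit an SSH directory.

# Print the group/other permission characters of a path, e.g. "r--r--".
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# audit_ssh_dir DIR: print one FAIL line per problem; exit status = problem count.
audit_ssh_dir() {
    dir=$1
    problems=0
    # sshd (StrictModes) refuses keys when these are group/world-writable.
    for p in "$dir" "$dir/authorized_keys"; do
        [ -e "$p" ] || continue
        case $(group_other_bits "$p") in
            ?w????|????w?)
                echo "FAIL writable by group/other: $p"
                problems=$((problems + 1)) ;;
        esac
    done
    # Treat every file with a matching .pub as a private key: owner-only access.
    for pub in "$dir"/*.pub; do
        key=${pub%.pub}
        [ -f "$key" ] || continue
        if [ "$(group_other_bits "$key")" != "------" ]; then
            echo "FAIL private key accessible by group/other: $key"
            problems=$((problems + 1))
        fi
    done
    # With an on-disk key pair, IdentityFile should name the private key, not the .pub.
    if [ -f "$dir/config" ] &&
        grep -Eiq '^[[:space:]]*IdentityFile[[:space:]=].*\.pub[[:space:]]*$' "$dir/config"; then
        echo "FAIL IdentityFile names a public key: $dir/config"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed demo: throwaway directory with deliberately loose modes.
demo() {
    d=$(mktemp -d)
    touch "$d/id_rsa" "$d/id_rsa.pub" "$d/authorized_keys"
    chmod 700 "$d"; chmod 644 "$d/id_rsa"; chmod 664 "$d/authorized_keys"
    printf 'Host my_host\n    IdentityFile ~/.ssh/id_rsa.pub\n' > "$d/config"
    audit_ssh_dir "$d" || echo "problems found: $?"
    rm -rf "$d"
}
demo
```

Run audit_ssh_dir ~/.ssh on the client and on the server after finishing the setup; a zero exit status means none of the three checks fired.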
🔑 Deliverable: Create SSH keys, add the public key to an SSH server, and test logging in without a password.
So, choose your authentication method wisely—passwords for simplicity or public keys for enhanced security. Stay safe online! 🌐🔐