Why is public key authentication better than passwords?

When it comes to data transfer, one of the issues that should constantly be on your mind is security. The importance of data security is constantly increasing in parallel with the growing amount of data and information shared over the web, as well as the persistent assaults launched by malicious cyber criminals trying to get their hands on that precious data. If using the standard username/password is your idea of cyber security, you might find yourself facing a data breach rather quickly. What should you be using instead? Read on to find out.

What is private/public key authentication and how does it work?

Private/public key authentication refers to the SSH key authentication method, a cryptographic system that uses key pairs, each consisting of a public key and a private key. Keys are created by asymmetric encryption algorithms, where encryption and decryption use separate keys. The private key must be kept confidential and should not be shared with anybody else, while the public key, which was generated together with the private key, can be shared with any server.

Why is using private/public key authentication better than using a password?

Now that you know a bit about SSH keys, it’s time to talk about why you should be using them rather than the old and familiar password method. A password is a traditional security measure: a string of characters, created by the user, that is used to verify the user's identity. That leads us to the main reason you should be using public/private key authentication: security!

SSH key authentication offers cryptographic strength that even an extremely long and complex password can’t offer. A password can be compromised in a variety of ways, from brute-force attacks to phishing schemes and other social engineering methods used by malicious users to obtain personal information and access your accounts. Oh, and let's not forget about the very embarrassing possibility of someone finding a password that was written down so that it won’t be forgotten.

SSH keys ensure a degree of authentication that can only be achieved by users who possess the private key linked with the public key on the server. An intruder who gets access to the public key stored on the server won't be able to gain access to the server without the associated private key.

Another reason to use public/private key authentication over a password is its usability benefits: it allows automated, passwordless login, which is a crucial enabler for the innumerable secure automation processes that are carried out within enterprise networks worldwide.

During the authentication process, the public key is used to encrypt a random challenge message, which is then sent to the authenticating client. The private key is used to decrypt the message, which is then combined with a session ID and sent back to the server. If the message matches what the server sent out, this proves to the server that the client possesses the private key that corresponds with the public key, and the client is granted access.
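
The exchange described above, as an added example that is not part of the original article or of any SSH implementation: a server that stores only the public key issues an encrypted challenge, and only the holder of the matching private key can produce the expected answer. The key pairs are toy textbook RSA built from Mersenne primes, and the Server class, function names and session ID are assumptions made for this illustration.

```python
import hashlib, hmac, secrets

E = 65537  # public exponent

def make_keypair(p, q):
    """Toy textbook-RSA key pair from two primes: ((e, n), (d, n))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (E, n), (pow(E, -1, phi), n)

def digest(challenge, session_id):
    # Binding the answer to the session ID makes it useless in any other session.
    return hashlib.sha256(challenge.to_bytes(32, "big") + session_id).digest()

class Server:
    def __init__(self, authorized_public_key):
        self.pub = authorized_public_key           # the only key material stored
        self.session_id = secrets.token_bytes(32)  # constructed stand-in value
        self._challenge = None

    def issue_challenge(self):
        self._challenge = secrets.randbits(128)
        e, n = self.pub
        return pow(self._challenge, e, n)          # encrypted to the public key

    def verify(self, response):
        challenge, self._challenge = self._challenge, None  # single use
        if challenge is None:
            return False
        return hmac.compare_digest(digest(challenge, self.session_id), response)

def client_response(private_key, encrypted_challenge, session_id):
    d, n = private_key
    return digest(pow(encrypted_challenge, d, n), session_id)

def demo():
    # Constructed keys built from Mersenne primes; far too small for real use.
    pub, priv = make_keypair(2**127 - 1, 2**89 - 1)
    _, other_priv = make_keypair(2**107 - 1, 2**61 - 1)
    s = Server(pub)
    owner = s.verify(client_response(priv, s.issue_challenge(), s.session_id))
    wrong_key = s.verify(client_response(other_priv, s.issue_challenge(), s.session_id))
    captured = client_response(priv, s.issue_challenge(), s.session_id)
    s2 = Server(pub)               # a later session: new ID, new challenge
    s2.issue_challenge()
    replayed = s2.verify(captured)
    return owner, wrong_key, replayed

if __name__ == "__main__":
    print(demo())
```

Current SSH-2 servers reach the same proof of possession differently: the client signs the session ID with the private key and the server checks that signature against the stored public key.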

With SFTP To Go you can use either, or both!

SFTP To Go relies on SSH for both authentication and encryption. It supports both private/public key authentication and username/password combinations, while encrypting all communication using SSH crypto algorithms and making sure the data is also encrypted at rest on storage. We believe in being extra secure, and you?


Post photo by Franz van Duns on wikimedia.