SSH stores the secret keys in plaintext too. In a home dir accessible only by the owning user.
I won’t speak about Windows but on Linux and other Unix systems the presumption is that if your home dir is compromised you’re fucked anyway. Effort should be spent on actually protecting access to the home personal files not on security theater.
Well yes, but also how would users react if they had to type in their passphrase every time they open the app?
This is also exactly what we’re giving up everywhere else by clicking ‘remember this device’.
SSH stores the secret keys in plaintext too. In a home dir accessible only by the owning user.
I won’t speak about Windows but on Linux and other Unix systems the presumption is that if your home dir is compromised you’re fucked anyway. Effort should be spent on actually protecting access to the home personal files not on security theater.
Not true, SSH keys need their passphrase to be used. If you don’t set one, that’s on you.
Well yes, but also how would users react if they had to type in their passphrase every time they open the app? This is also exactly what we’re giving up everywhere else by clicking ‘remember this device’.
Come on, 95% of users don’t set passwords on their ssh keys