ADVANTAGES AND DISADVANTAGES OF PASSWORD AUTHENTICATION
The Secure Shell protocol includes numerous features that prevent some of the vulnerabilities of password authentication. Passwords are sent encrypted over the network, making it impossible to obtain the password by capturing network traffic. Also, passwords are never stored on the client. Empty passwords are not allowed by default (and are strongly discouraged).
On the server side, the Secure Shell protocol relies on the operating system to provide confidentiality of user passwords. SSH Tectia Server also supports limiting the number of password retries, which makes brute-force and dictionary attacks difficult.
However, Secure Shell does not protect against weak passwords. If a malicious user is able to guess or obtain the password of a legitimate user, the malicious user can authenticate and present himself as the legitimate user. Weak passwords can also be discovered by dictionary attacks from a remote machine.
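The following sketch is an added example, not SSH Tectia code: it shows one way to monitor for the remote password guessing described above by counting failed password attempts per source address in a sliding window, and by flagging a successful login that follows such a burst. The log format, field names, threshold and window are assumptions made for this example, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical format (not SSH Tectia's log format).
SAMPLE_LOG = """\
2024-05-01T10:00:01 auth=password result=fail user=alice src=198.51.100.7
2024-05-01T10:00:03 auth=password result=fail user=alice src=198.51.100.7
2024-05-01T10:00:05 auth=password result=fail user=bob src=203.0.113.9
2024-05-01T10:00:09 auth=password result=fail user=alice src=198.51.100.7
2024-05-01T10:00:12 auth=password result=ok user=bob src=203.0.113.9
2024-05-01T10:00:15 auth=password result=fail user=alice src=198.51.100.7
2024-05-01T10:00:21 auth=password result=fail user=alice src=198.51.100.7
2024-05-01T10:00:40 auth=password result=ok user=alice src=198.51.100.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth=password result=(?P<result>fail|ok) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

def detect_guessing(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {source: alert} for sources whose failed password attempts
    reach `threshold` within `window`, counted across all connections."""
    recent = defaultdict(deque)  # source -> (timestamp, user) of recent failures
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not password authentication events
        ts = datetime.fromisoformat(m["ts"])
        src, user = m["src"], m["user"]
        q = recent[src]
        while q and ts - q[0][0] > window:
            q.popleft()  # drop failures that fell out of the window
        if m["result"] == "fail":
            q.append((ts, user))
            if len(q) >= threshold and src not in alerts:
                alerts[src] = {"first_alert": ts, "compromised": [],
                               "users": sorted({u for _, u in q})}
        elif src in alerts:
            # A success after a guessing burst: the password may have been guessed.
            alerts[src]["compromised"].append(user)
    return alerts
```

In the sample, the single mistyped password from 203.0.113.9 raises no alert, while the burst from 198.51.100.7 does and the later successful login for alice is marked for follow-up.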
Password authentication can also be used as a generic authentication method. This is the case with the SSH Tectia Connector when all users use the same credentials. In this case only data encryption and data integrity services are provided. The responsibility for user authentication is borne by the third-party tunnel application.
The following lists summarize the advantages and disadvantages of using password authentication with Tectia SSH.
ADVANTAGES
• Easy to use.
• Easy to implement: because the operating system provides user accounts and passwords, almost no additional configuration is required.
• Generic password use with SSH Tectia Connector.
DISADVANTAGES
• Security is based entirely on the confidentiality and strength of the password.
• Does not provide strong identity verification (password only).