SFTP - Password vs Key Authentication

Hi SDNites,

I am using Password based authentication for SFTP adapter but would like to know if it is less secure than Key based authentication. Also please let me know if the data, user and password all are encrypted in both the approaches or not.

Regards,

Abhi

3 Answers

  • Oct 22, 2015 at 02:19 PM

    Hi Abhi,

    Password protection is vulnerable to phishing attacks; there is a chance that anyone can hack into your data or see what you are transmitting to your third party.

    Certificates, on the other hand, enable the use of an asymmetric key exchange method between two communicating parties using the private key and certificate pair. Your data will be nothing more than a jumbled bit of information for anyone who tries to hack through 😊

    Hope this explains!

    Regards,

    Karthik


  • Oct 22, 2015 at 05:19 PM

    Hello Abhishek,

    SFTP supports not only password or certificate based authentication, but also the combination of them (dual authentication), where both password and certificate are used during the authentication procedure. Thus, if you are concerned about secure authentication, I would suggest using the dual authentication method rather than selecting between password or certificate. I would grade the existing supported authentication mechanisms for the SFTP adapter as follows:

    1. (least secure) Password. As mentioned by others earlier, passwords can be hijacked or hacked (especially if there are no password restrictions and strong password generation rules in place);

    2. Certificate;

    3. (most secure) Password and certificate (dual).

    Regards,

    Vadim
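
A check for the ranking in the answer above, added here as an example and not part of the thread or of any SAP code: it assumes the SFTP server is OpenSSH and reads its `sshd_config` to find the weakest login the server still accepts, using the grades 1 to 3 from that answer. The function names and sample configurations are constructed; `Match` blocks, trailing comments and methods other than `password` and `publickey` are not modeled.

```python
# Added example: grade an OpenSSH sshd_config by the weakest login it accepts.
# Ranks follow the answer above: 1 password, 2 key, 3 key and password.
RANK = {frozenset({"password"}): 1,
        frozenset({"publickey"}): 2,
        frozenset({"publickey", "password"}): 3}

def global_settings(config_text):
    """Global keywords as {name: value}; sshd uses the first value it reads."""
    settings = {}
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "match":   # per-user overrides are not modeled
            break
        settings.setdefault(parts[0].lower(), parts[1].strip() if len(parts) > 1 else "")
    return settings

def accepted_logins(config_text):
    """Set of method combinations, each of which completes a login."""
    s = global_settings(config_text)
    disabled = set()
    if s.get("passwordauthentication", "yes").lower() != "yes":
        disabled.add("password")
    if s.get("pubkeyauthentication", "yes").lower() != "yes":
        disabled.add("publickey")
    lists = s.get("authenticationmethods", "any").split()
    if lists == ["any"]:                  # default: any single enabled method
        return {frozenset({m}) for m in ("password", "publickey") if m not in disabled}
    # Commas join methods that must all succeed; spaces separate alternatives.
    combos = {frozenset(m.split(":")[0] for m in item.split(",")) for item in lists}
    return {c for c in combos if not c & disabled}

def weakest_grade(config_text):
    """Lowest rank among accepted logins; 0 when a combination is unranked."""
    return min((RANK.get(c, 0) for c in accepted_logins(config_text)), default=0)

# Constructed sample configurations.
DEFAULTS = ""
KEY_ONLY = "PasswordAuthentication no\nPubkeyAuthentication yes\n"
DUAL = "PasswordAuthentication yes\nAuthenticationMethods publickey,password\n"
LOOPHOLE = "AuthenticationMethods publickey,password password\n"

if __name__ == "__main__":
    for name in ("DEFAULTS", "KEY_ONLY", "DUAL", "LOOPHOLE"):
        print(name, weakest_grade(globals()[name]))
```

The `LOOPHOLE` sample grades as 1 because its second, space-separated list lets a password alone complete the login even though the first list demands both factors.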


  • Oct 22, 2015 at 02:04 PM

    Hello Abhishek,

    Both are secured.

    But in layman's terms, without considering PI, password authentication is a little bit safer because passwords can be cracked, whereas keys can't be.

    And coming to encryption you should encryption part, keys or passwords don't play any role here.
