Your browser does not support HTML5 local storage or you have disabled it. Some functionality on this site, including saving your privacy settings and offering you special discounts, uses local storage and may not work with local storage disabled. We recommend allowing the use of local storage in your browser. In some browsers, it is the same setting used for disabling cookies.

SSH Tectia

Advantages and Disadvantages of Password Authentication

The Secure Shell protocol contains numerous features to avoid some of the vulnerabilities with password authentication. Passwords are sent as encrypted over the network, thus making it impossible to obtain the password by capturing network traffic. Also, passwords are never stored on the client. Empty passwords are not permitted by default (and they are strongly discouraged).

On the server side, the Secure Shell protocol relies on the operating system to provide confidentiality of the user passwords. SSH Tectia Server also supports limiting the number of password retries, thereby making brute-force and dictionary attacks difficult.

However, Secure Shell does not protect against weak passwords. If a malicious user is able to guess or obtain the password of a legitimate user, the malicious user can authenticate and pose as the legitimate user. Weak passwords can also be discovered by dictionary attacks from a remote machine.

Password authentication can also be used as a generic authentication method. This is the case with SSH Tectia Connector when all users use the same credentials. In this case only data encryption and data integrity services are provided. The responsibility for user authentication is left to the tunneled third-party application.

The following lists sum up the advantages and disadvantages of using password authentication with SSH Tectia.


  • Simple to use

  • Simple to deploy—since the operating system provides the user accounts and password, almost no extra configuration is needed.

  • Generic password use with SSH Tectia Connector


  • Security is entirely based on confidentiality and the strength of the password.

  • Does not provide strong identity check (only based on password).