Date: 2022-04-21

We use public-private key pairs for a variety of security purposes, such as two-factor authentication, signing Git commits, and connecting to a server via SSH. We mitigate the risk of our private keys being stolen by keeping them on hardware security devices. This means that even if our workstations are compromised, an attacker cannot steal our private keys.

These devices are secured with strong passphrases and are configured to “brick” themselves after multiple failed attempts to unlock them. The devices require a physical touch to operate, meaning that malware cannot steal the keys without a human being involved.