Hi Marko,
Using the ssh key can be problematic because it is too long and too random to be memorized --- you have to carry it on a USB stick (or wherever). This provides an additional point of failure should your stick get lost or stolen.
This is only correct when you use SSH keys without a sufficiently secure passphrase. Which you obviously should never do. If you have a passphrase with your key, finding or stealing the USB stick is completely useless, and even if someone gets at your key, you're no worse off than with password authentication.
Human brain is still by far the most secure information-storage device. :-)
I strongly disagree. Social engineering is a very efficient way to get at other people's data.
It is very inconvenient for people who need to log in to their servers from random remote locations (i.e. people who travel a lot or work in hardware-controlled environment).
Agreed.
Besides, it is essentially a question of overkill. If password is not good enough, you could argue that the key is also not good enough --- two keys (or a larger one) would be more secure. Where do you draw the line?
One key is indefinitely better than a password. The additional security you gain when you add another key is, however, disputable.
Best regards,
Peter.