Security

Hardware-backed SSH keys end to end: YubiKey, PIV, software alternatives, and where SSH CAs fit in

A working guide to using a YubiKey for SSH on a real Linux fleet — the four knobs (resident, touch, PIN, agent), a four-mode policy for root and Ansible, software-only alternatives, and where SSH CAs fit in.

May 9, 2026 · 19 min

180 Breaches a Second: How Software Broke Its Promise, and the Radical Fix Hiding in Plain Sight

180 accounts are breached every second — and most of it comes down to reused passwords and missing MFA. A look at the software quality collapse behind the headlines, and why the fix is the same infrastructure-level move HTTPS once made: passkeys, on-device DLP, and capability-scoped AI agents.

April 3, 2026 · 27 min