Certificate-based authentication

Certificate-based authentication is based on what the user has, which is the user's private key, and what the user knows, which is the password that protects the private key (if the key is not located in a secure keystore). However, both of these assumptions hold only if unauthorized personnel have not gained access to the user's workstation or password, the password for the client's private key database has been set, and the client is set up to request the password at reasonably frequent intervals. Although certificate-based authentication addresses security, it does not address issues related to physical access to individual workstations or to passwords. Public key cryptography verifies only that the private key used to sign some information corresponds to the public key in a certificate. It is your responsibility to protect the physical security of a workstation and to keep the password for the private key secret.
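
The following added example (not part of the original page) uses the Node.js built-in crypto module to show the two factors and the limit described above: the server-side check succeeds for whoever is able to use the private key. The function names, the passphrase, the challenge step and the use of a bare public key in place of an X.509 certificate are assumptions made for illustration.

```javascript
// Added example; all names and values are constructed for illustration.
const crypto = require('node:crypto');

// Enrolment: the client generates a key pair. The server keeps only the public
// key (assumption: a real deployment would take it from the user's certificate).
function enrol(passphrase) {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const format = { type: 'pkcs8', format: 'pem' };
  return {
    publicKey,
    // Key file protected by a password: "what the user knows".
    protectedPem: privateKey.export({ ...format, cipher: 'aes-256-cbc', passphrase }),
    // The same key stored with no password set: possession alone is enough.
    unprotectedPem: privateKey.export(format),
  };
}

// Client side: unlock the key file, then sign the server's challenge.
function clientSign(pem, passphrase, challenge) {
  let key;
  try {
    key = crypto.createPrivateKey({ key: pem, passphrase });
  } catch {
    return null; // wrong or missing password: the key stays locked
  }
  return crypto.sign('sha256', challenge, key);
}

// Server side: checks only that the signature matches the enrolled public key.
function serverVerify(publicKey, challenge, signature) {
  return signature !== null &&
    crypto.verify('sha256', challenge, publicKey, signature);
}

function demo() {
  const user = enrol('constructed-passphrase');
  const challenge = crypto.randomBytes(32); // fresh value for each login
  const attempt = (pem, pw) =>
    serverVerify(user.publicKey, challenge, clientSign(pem, pw, challenge));
  return {
    ownerWithPassword: attempt(user.protectedPem, 'constructed-passphrase'),
    keyFileWrongPassword: attempt(user.protectedPem, 'wrong-guess'),
    keyFileNoPasswordSet: attempt(user.unprotectedPem, undefined),
  };
}

console.log(demo());
```

The third result is the case the paragraph warns about: when no password is set on the key database, the server sees a valid signature and has no way to tell who was at the workstation.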

Related information:

See Public key cryptography.