A credential is “something you have” if it can only be compromised by physical access. Ssh keys, like passwords, can be collected by remote attackers. When attackers gain access to your client machine (your laptop or desktop computer) they can copy your private keys and install a keystroke logger to capture your passwords. While equivalent…