Recently someone I know advised other IT people to generate their SSH keypair using the default options “using just enter to answer all the questions”. This means that the Private Key generated has no password against it (and is unencrypted). In this case your private key is stored unprotected on your own computer, and anybody who gains access to that will be able to generate signatures (login to servers) as if they were you They will be able to log in to your server under your account.