== See

* https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[OWASP Top 10 2021 Category A7] - Identification and Authentication Failures
* https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html[OWASP Top 10 2017 Category A2] - Broken Authentication
* https://cwe.mitre.org/data/definitions/266[MITRE, CWE-266] - Incorrect Privilege Assignment
* https://cwe.mitre.org/data/definitions/269[MITRE, CWE-269] - Improper Privilege Management
* https://cwe.mitre.org/data/definitions/272[MITRE, CWE-272] - Least Privilege Violation
* https://cloud.google.com/compute/docs/connect/restrict-ssh-keys#remove-metadata-key[GCP Documentation] - Restrict SSH keys from VMs
* https://cloud.google.com/compute/docs/instances/access-overview#risks[GCP Documentation] - Risks of manual key management