By downloading and checking users’ SSH public keys, @hnw found that a number of users had cryptographically weak keys associated with their accounts. To address this problem, we added validations, checking that new keys being added to user accounts are greater than 1023 bits, updated our documentation to recommend generating 4096 bit RSA keys, and revoked existing weak SSH keys.