"For critical passwords, use split passwords
with dual custody."
Could anyone comment on the practice? Does it mean that I have the first half of password and other guy has the other? We can only log in by combining password? How do we type the password in by not sharing a physical computer?
Yep! Dual custody can really just be as simple as providing two halves of the password from different owners. I've implemented similar before. Both owners having physical access tends to be the safest way, as whenever one is remote you have considerations about the password in transit. Something like tmate could help.
Could anyone comment on the practice? Does it mean that I have the first half of password and other guy has the other? We can only log in by combining password? How do we type the password in by not sharing a physical computer?