Linux Administration Cookbook

To passphrase or not to passphrase

While you can generate a key without a passphrase, and there are valid use cases for doing so (for example, in the case of automated deployments), it is considered a best practice to generate your own key with a passphrase.

This does mean that if your key isn't unlocked in your keychain (which itself might be unlocked when you log in to your machine), you will be prompted for the passphrase to unlock the key. You might consider this a hassle, but think of it in terms of the security onion (multiple layers of security... it's not a great analogy, unless security makes you cry.) If you lose your private key, the malicious person who picks it up still has to get past the passphrase before the key is of any use for accessing your stuff.

If you do lose a private key, or leave it on a USB stick on a bus, you should immediately rotate your keys by revoking the old one from any location where the public half is installed, and generating a new pair to use.
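The following shell script is an added example, not part of the book, that walks through the procedure above: generating a replacement key with a passphrase, checking that a private key really is passphrase-protected, and revoking the lost key's public half from an `authorized_keys` file. The key-generation helpers assume OpenSSH's `ssh-keygen` is installed and skip themselves if it is not; the `authorized_keys` content and the key blobs in it are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Added example (not from the book): rotate an SSH key pair after the private half is lost.
# Assumes OpenSSH's ssh-keygen; key paths, comments and blobs below are constructed placeholders.

# Generate a new ed25519 key protected by a passphrase (-a 100: extra KDF rounds on the key file).
generate_key() {
    keyfile="$1"; passphrase="$2"
    command -v ssh-keygen >/dev/null 2>&1 || { echo "ssh-keygen not found, skipping" >&2; return 1; }
    ssh-keygen -q -t ed25519 -a 100 -f "$keyfile" -N "$passphrase" -C "rotated-$(date +%Y-%m-%d)"
}

# Add or change the passphrase on an existing private key in place.
set_passphrase() {
    keyfile="$1"; oldpass="$2"; newpass="$3"
    ssh-keygen -p -f "$keyfile" -P "$oldpass" -N "$newpass"
}

# Return 0 if the private key cannot be read with an empty passphrase (i.e. it is protected).
key_is_protected() {
    keyfile="$1"
    command -v ssh-keygen >/dev/null 2>&1 || return 2
    if ssh-keygen -y -P "" -f "$keyfile" >/dev/null 2>&1; then return 1; else return 0; fi
}

# Constructed sample keys: the "lost" key and one unrelated key that must survive the revocation.
OLD_PUBKEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOldKeyBlobPlaceholder0000000000000000 laptop-2019"
KEEP_PUBKEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKeepKeyBlobPlaceholder000000000000000 deploy-bot"

# Write a constructed authorized_keys: the old key installed twice (once with options), plus the keeper.
write_sample_authorized_keys() {
    printf '%s\n' \
        "$OLD_PUBKEY" \
        "from=\"10.0.0.0/8\",no-agent-forwarding $OLD_PUBKEY" \
        "$KEEP_PUBKEY" > "$1"
}

# Return 0 if the public key's blob (second field) appears anywhere in the file.
pubkey_installed() {
    authfile="$1"; blob=$(printf '%s\n' "$2" | awk '{print $2}')
    grep -qF -- "$blob" "$authfile"
}

# Revoke: drop every line containing the old key's blob, whatever options precede it.
# Prints the number of lines removed.
revoke_pubkey() {
    authfile="$1"; blob=$(printf '%s\n' "$2" | awk '{print $2}')
    before=$(grep -c '' "$authfile")
    tmp="$authfile.tmp"
    grep -F -v -- "$blob" "$authfile" > "$tmp" || true   # grep -v exits 1 when nothing is left
    mv "$tmp" "$authfile"
    after=$(grep -c '' "$authfile")
    echo $((before - after))
}

# Full rotation against a temporary directory; run as: sh rotate.sh demo
demo_rotation() {
    d=$(mktemp -d)
    write_sample_authorized_keys "$d/authorized_keys"
    echo "removed $(revoke_pubkey "$d/authorized_keys" "$OLD_PUBKEY") line(s) for the lost key"
    if generate_key "$d/id_ed25519_new" "correct horse battery staple"; then
        key_is_protected "$d/id_ed25519_new" && echo "new key is passphrase-protected"
        echo "install this on every host that had the old key:"; cat "$d/id_ed25519_new.pub"
    fi
    rm -rf "$d"
}

if [ "${1:-}" = "demo" ]; then demo_rotation; fi
```

`revoke_pubkey` matches on the base64 key blob rather than the whole line, so it also catches copies that were installed with a `from=` or `command=` prefix, which is the common way an old key lingers after a rotation. Repeat it on every host, and in any hosted service, where the public half was ever installed.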