should we use external hardware signing device instead of root password to prevent privilege escalation through keylogger?