If you use SSH with key encryption, then the keys should have passphrase or hardware key authentication. In case the device is stolen, it's a lot harder to rebuild the keys that are protected this way.
Depending on the organization or services that you use you might already have the keys present. When you set the passphrase, you won't need to enter it whenever you use the key, as the authentication is preserved until the next login or wake-up from sleep.
To secure them:
ssh-keygen -p -f ~/.ssh/id_rsa
If you want to create new SSH key, the GitHub docs, provide a great starting point.