FTP and secure password management

3 replies
Hi folks,

Like many developers with multiple client websites to take care of, I use a secure password manager (in my case, KeePass). I usually have at least 4 userpass combinations per client site - database, FTP, primary email, CMS admin, and then sometimes a Gmail address, hosting CP, secondary users for above services, etc. (I'm very happy with KeePass for password management.)

My main concern is FTP - I'm currently using FileZilla, which you probably know refuses to encrypt stored passwords. So I'm left with either not storing the passwords along with the rest of the connection data (and copying out of KeePass every time I log in), or storing it insecurely as plain text (even if I use sFTP etc. to do the actual transfers). I find this a bit frustrating, and while I understand why the developer holds the principle of not encrypting the password, it is awkward. If FileZilla wasn't so good it would be easier - I'd just look for an alternative.

What do you guys do? Any tips, workarounds, etc?
#ftp #management #password #secure
  • RobKonrad
    You could create an encrypted container - using TrueCrypt, for example - and set FileZilla to store all PWs there.

    That would mean you'd have to open the container before each working session, but at least in case your comp gets lost/stolen/whatever, PWs are safe.

    Cheers,
    Rob
    Signature
    ================================================== ===
    This blog is awesome: http://www.robkonrad.com/blog. Read it.
    ================================================== ===
  • I've been playing with TrueCrypt a bit - I think I'm going to implement something like this. Wonder if it's usable out of Dropbox - that could be cool.
  • garcia17
    Banned
    [DELETED]
    • RobKonrad
      Originally Posted by garcia17

      i'm sorry for my bad english but i'm italian
      Thank you for your valuable contribution to this thread! :rolleyes:


      As for Dropbox and TrueCrypt:

      The problem is that Dropbox auto-syncs whenever a file is changed.
      TrueCrypt containers are basically one massive file (e.g. 1 GB) with a lot of files in them.
      Dropbox cannot look in the encrypted container (of course), so even if you change one word in a small text file in that container, it will sync the FULL container.

      So technically, it's possible, but I would not recommend it for large containers.

      As for FTP logins - that can be a very, very small container, so it's absolutely doable.

      There *are* some security concerns though, as *theoretically* the fact that Dropbox saves old container versions might make the container breakable... but this is more of a theoretical concern.

      More here

      Dropbox and Truecrypt Files « Dropbox Forums

      cheers,
      Rob