FTP and secure password management

by 3 replies
4
Hi folks,

Like many developers with multiple clients websites to take care of, I use a secure password manager (in my case, KeePass). I usually have at least 4 userpass cominations per client site - database, ftp, primary email, CMS admin, and then sometimes a Gmail address, hosting CP, secondary users for above services, etc. (I'm very happy with KeePass for password management.)

My main concern is FTP - I'm currently using FileZilla, which you probably know refuses to encrypt stored passwords. So I'm left with either not storing the passwords along with the rest of the connection data (and copying out of KeePass every time I login), or storing it insecurely as plain text (even if I use sFTP etc to do the actual transfers). I find this a bit frustrating, and while I understand why the developer holds the principle of not encrypting the password, it is awkward. If FileZilla wasn't so good it would be easier - I'd just look for an alternative.

What do you guys do? Any tips, workarounds, etc?
#programming #ftp #management #password #secure
  • You could create an encrypted container - using TrueCrypt, for example - and Set FileZilla to store all PWs there.

    That would mean you 'd have to open the container before each working session, but at least in case your comp gets lost/stolen/whatever, PWs are safe.

    Cheers,
    Rob
    • [ 1 ] Thanks
  • I've been playing with TrueCrypt a bit - I think I'm going to implement something like this. Wonder if it's usable out of Dropbox - that could be cool.
  • Banned
    [DELETED]
    • [1] reply
    • Thank you for your valuable contribution to this thread! :rolleyes:


      As for Dropbox and Truecrypt:

      The problem is that dropbox auto-syncs a file is changed.
      Truerypt containers are basically one massive file (e.g. 1 GB) with a lot of files in them.
      Dropbox cannot look in the encrypted container (of course), so even if you change one word in a small text file in that container, it will sync the FULL container.

      So technically, it's possible, but I would not recommend it for large containers.

      As for FTP logins - that can be a very, very small container, so it's absolutely doable.

      There *are* some security concerns though, as *theoretically* the fact that dropbox saves old container versions might make the container breakable... but this is more of a theoretical concern.

      More here

      Dropbox and Truecrypt Files « Dropbox Forums

      cheers,
      Rob

Next Topics on Trending Feed

  • 4

    Hi folks, Like many developers with multiple clients websites to take care of, I use a secure password manager (in my case, KeePass). I usually have at least 4 userpass cominations per client site - database, ftp, primary email, CMS admin, and then sometimes a Gmail address, hosting CP, secondary users for above services, etc. (I'm very happy with KeePass for password management.)