# client ftp login info



## groovetube (Jan 2, 2003)

anyone with good security methods to keep this safe?

traditionally I've had transmit, and use .mac to backup the ftp info. But someone stealing your machine or backup drive, could result in a pretty messy 'going down the list' to change all them passwords, it's getting to be quite the list.

I've thought of things like keepass, or others and pull the info out of transmit for security purposes. 

Any ideas?


----------



## Guest (Jan 1, 2011)

I keep sensitive info like that on a password protected/encrypted disk image, then it just rotates into my normal backups as all my other files do. The encryption levels built into disk image app and OSX are good enough for me to keep that type of stuff reasonably safe.


----------



## groovetube (Jan 2, 2003)

I used to use that for some private info documents until one day the disk image was corrupt. I had a backup, but this happened a few more times after that.

I'm wondering what other schemes companies would use for this sort of thing.


----------



## johnnyspade (Aug 24, 2007)

Close to half of the sites I work on require an SFTP connection hooked up to a keypair and my static IP address. Not failsafe, but pretty secure. For storage of data, I've been using an application called Wallet for the last few years.

Acrylic - Wallet for Mac


----------



## groovetube (Jan 2, 2003)

wallet, this looks interesting. I like how this syncs over mobileme.


----------



## Chealion (Jan 16, 2001)

FWIW Transmit stores it's passwords as part of your keychain. Personally I use 1Password.


----------



## groovetube (Jan 2, 2003)

yes it does, but if someone steals your mac, resets the admin password, they can wipe out 50 of your clients ftp.


----------



## John Clay (Jun 25, 2006)

groovetube said:


> yes it does, but if someone steals your mac, resets the admin password, they can wipe out 50 of your clients ftp.


Not if they don't know your Keychain password.

While anyone can reset the user login with an admin account, they can't reset the Keychain password without knowing the original password first.


----------



## groovetube (Jan 2, 2003)

hmmm. Here I thought all you needed, was the admin pass, reset or not, and you had access to keychain.

My main concern was if someone stole a machine, they could simply walk into transmit and destroy sites and/or access all ftp passwords from the keychain.

So as long as the machine is password protected at login/sleep, they -cannot- access keychain without the original admin password even if they reset the password?


----------



## John Clay (Jun 25, 2006)

groovetube said:


> hmmm. Here I thought all you needed, was the admin pass, reset or not, and you had access to keychain.
> 
> My main concern was if someone stole a machine, they could simply walk into transmit and destroy sites and/or access all ftp passwords from the keychain.
> 
> So as long as the machine is password protected at login/sleep, they -cannot- access keychain without the original admin password even if they reset the password?


Unless they guess your password, no. Resetting the user password doesn't change the encrypted Keychain password. It would entirely defeat the purpose of encrypting it in the first place.


----------

