
  • # November 13, 2012 at 4:40 pm

    I’ve read a number of posts about how one should never, EVER keep client login credentials. Personally, on at least several clients, I’ve broken this rule.

    The reason I broke this rule is that in the beginning I realized how unorganized clients were, and 9 out of 10 times they never kept their passwords handy so we had to reset them every time. But over time I’m realizing that I have quite a few in one place, and if anyone ever got a hold of it, they could do some harm.

    I’ve since moved everything to local files that have their own passwords. The only problem here is if I’m out and about and I end up needing the information, I can’t access it. I then thought maybe I would store that protected file in my Dropbox account that has 2-step verification. So then at least 3 layers of security need to be breached to get to it.

    At the end of the day though, I still end up with usernames and passwords.

    So I’m curious how other people handle this. Is the best practice to suck it up and make clients store their own information? Or are there some all-but-foolproof methods that I’m not thinking of?

    # November 13, 2012 at 4:46 pm

    I think Dropbox is a safe approach. I mean, there’s always a way to breach security, right? So another thing you could do is put the login credentials in a password-protected zip file. Or put the credentials on an external hard drive and hide the zip folder.

    # November 13, 2012 at 4:50 pm

    I do.

    I use 1Password.

    # November 13, 2012 at 5:25 pm

    @andy_unleash Haha. Obvious but great advice.

    # November 13, 2012 at 5:45 pm

    I keep handwritten copies while I’m working with the client, and then dispose of them accordingly.

    # November 13, 2012 at 5:53 pm

    @andy_unleash Oh, I eat it.

    Shredding.

    # November 13, 2012 at 10:33 pm

    @JoshWhite Read this (third paragraph). Dropbox might be introducing something that has to do with passwords.

    # November 14, 2012 at 7:21 pm

    @JoshWhite

    Yeah, I know there are many, far more “mobile” people than me. And I completely agree about not carrying an open file around on a laptop. Encryption might help you there.

    If I were to store such information remotely, I’d put it on a machine I own (or at least control), where the only access would be via ssh. I avoid things like Dropbox – I don’t trust them – but I’ll admit that it’s mostly a personal aversion.
