I’ve read a number of posts about how one should never, EVER keep client login credentials. Personally, on at least several clients, I’ve broken this rule.
The reason I broke this rule is that in the beginning I realized how unorganized clients were, and 9 out of 10 times they never kept their passwords handy, so we had to reset them every time. But over time I’m realizing that I have quite a few in one place, and if anyone ever got a hold of it, they could do some harm.
I’ve since moved everything to local files that have their own passwords. The only problem here is if I’m out and about and I end up needing the information, I can’t access it. I then thought maybe I would store that protected file in my Dropbox account that has 2-step verification. So then at least 3 layers of security need to be breached to get to it.
At the end of the day though, I still end up with usernames and passwords.
So I’m curious how other people handle this. Is the best practice to suck it up and make clients store their own information? Or are there some all-but-foolproof methods that I’m not thinking of?
I think Dropbox is a safe approach. I mean, there’s always a way to breach security, right? So another thing you could do is put the login credentials in a password-protected zip file. Or put the credentials on an external hard drive and hide the zip folder.
Yeah, I know there are many, far more “mobile” people than me. And I completely agree about not carrying an open file around on a laptop. Encryption might help you there.
If I were to store such information remotely, I’d put it on a machine I own (or at least control), where the only access would be via ssh. I avoid things like Dropbox – I don’t trust them – but I’ll admit that it’s mostly a personal aversion.