How Do You Store FTP Login Information For Your Clients?

Tweet

ftpA common way to store FTP access information is in your FTP client. After all, that is where you use it, so that’s where it should be. But what happens if the FTP application crashes or your configuration file becomes corrupt? Is an FTP program secure enough to be your sole place for storing client logins?

Before making the permanent switch to a Mac last year, I had three PC crashes in a period of 18 months. I know all about data failure and did just about everything Craig Buckler listed in his “8 Tips for Surviving PC Failure” post. It worked; I saved almost all of my data. But even with dual backups and exporting my FTP configuration files to my backup data (which was a manual process with the FTP client I was using at the time), I wasn’t able to recreate all of my logins automatically. Either a password had changed or a new site was added to the mix since the last time the data was backed up, and I was left digging through thousands of e-mails trying to find the information I needed.

I’ve also stored passwords and logins in my address book as notes for each client. But that wasn’t foolproof either; some of the notes were lost when data was backed up, and more were lost when I moved to a new contact management system.

Some of the other options I’ve used or considered include:

  • Password management utility, like KeePass
  • Web-based FTP program that saves your data online, like AnyClient
  • Excel spreadsheet
  • Online (or even paper) notebook

Currently, I store all of my client data — including FTP logins — in a web-based project management system (Intervals), which is secure and accessible by my subcontractors, clients and anyone else who needs to access the data. Having it in one central place also eliminates the problem of dealing with outdated passwords, provided everyone uses the data in the system.

But I pay a steep monthly fee for the project management service that has an SSL, and it’s probably much more robust than what’s needed for this type of issue by itself. Luckily, I need many of the extra features the service offers to run my business efficiently, but it’s probably not an option for everyone who needs to store a limited amount of information, like FTP logins.

Is there a best way to store this information? How do you manage FTP logins for multiple clients so they’re easy to access and secure?

Free book: Jump Start HTML5 Basics

Grab a free copy of one our latest ebooks! Packed with hints and tips on HTML5's most powerful new features.

  • http://www.impelgd.co.uk Impel GD

    KeePass, coupled with Dropbox.

  • http://www.lit.org Crowe

    Find a password utility that lets you specify where to save the password db. Get dropbox (getdropbox.com) and point the password db there. Syncs it up, securely, and you’re backed up to the cloud automatically. Also means you have the same pw db on all computers you use and you can still backup that file regularly locally.

    I do this for most of my important data.

  • dev_cw

    http://www.serverskine.com/ It helps me organize all server/domain accounts for my clients. Saves as XML file so even without the app the data is still retrievable. Not automated but very handy :)

  • http://www.impelgd.co.uk Impel GD

    If you sign up to Dropbox using this link, you’ll get an additional 250MB allcoated to your account via my referal linkie.

    https://www.getdropbox.com/referrals/NTE4MzA4NTk

    And I will, too. :) They’re very nice people at Dropbox.

  • Genjutsushi

    I store all my clients FTP details in a spreadsheet, which itself is on a encrypted external HDD that gets backed up once a day. I’m happy with this arrangement, even if it is a little OTT.

  • israelisassi

    There is more to backups than just making backups. One has to factor in how to keep them full of useful information, but that’s another topic.

    In addition to the FTP client, I keep a physical folder (as odd as that may seem) for each client that has certain information. On the inside of the folder I write the hosting info, FTP info, admin account info for CMS’s, database info, and a few other tidbits. All kept in locked drawers.

  • Anonymous

    I store them in Dreamweaver (which sucks in regards to backing up) so I also set up the ftp information into fetch (easier to backup the shortcuts) I also have an excel file with a cleaver name which is protected and backed up. I thought at one point I’d move it to Filemaker Pro, but for some reason I never did.

    I’m reluctant to store them in my contact/address book in case my phone or iPod gets stolen or lost, I would hate to have to *fix* that error!

    Off-site I use iDisk. But thanks for the reminder because I also have a dropbox account.

  • kesjeff

    I currently have been using FireFTP an add-in to Firefox. Great fast little tool within the browser. I just exported the settings after reading this article and it also encrypts the export settings with a password. Give it a try at http://fireftp.mozdev.org/

  • http://www.davidmcdonald.org davemac

    I create a Google Doc for each client, which contains all their website info such as FTP, WordPress logins, email user names and passwords, domain info etc and then share it with the client as well.

    That way, we both have access to the information from wherever we are.

  • http://www.ucsi.cc UCSI

    Good old Excel spreadsheets and hard copy printouts every now and then – not the most elegant, but it has saved me lots of times…

    Also put the info in the client file folders (actual paper client folders) for future reference and sometimes in Outlook business Contact Manager (but don’t always remember to do that).

    Also tried some online solutions, including Office Live (didn’t like it)

  • kai920

    I’ve just experimented with KeePass + Dropbox. Works well on my laptop (Win) and desktop (Mac), but what happens when I’m at another computer? I can access the .kdb file via DB but is there a quick way to decrypt it without downloading the keepass desktop client?

  • http://www.optimalworks.net/ Craig Buckler

    Good point about FTP passwords, Alyssa.

    I use KeePass for storing all my passwords, including FTP ones. I also use the zip version of FileZilla – that stores all your FTP details in a single XML file which can be backed up easily.

  • http://www.clerkendweller.com/ Clerkendweller

    Mmmm… just don’t use FTP?

  • kesjeff

    What version of KeePass is everyone using 1 or 2 and do you run it from a USB or install it and use the USB for the key?

    Jeff

  • http://www.optimalworks.net/ Craig Buckler

    just don’t use FTP

    I assume you’re referring to SVN? I’d love to use it all the time, but it’s not supported by all web hosts.

    What version of KeePass is everyone using

    I use the zipped version 1.x. I have it installed locally and on a USB drive. The database is also stored locally, although I have a backup copy in a dropbox folder.

  • krues8dr

    If you’re on a mac, you just need to backup your keychain and ftp bookmarks – if you’re using Time Machine, this should be taken care of automatically.

  • Arman

    Keepass + Dropbox. Best solution in my opinion. I can access the information anytime I need it. Installed version on ctual computers I use and portable version always with me USB Flash. It is useful for creating individual databases and giving it’s keys to your clients, so only you and they can access the secured information…

  • Josh Surber

    ~/.netrc backed up via rsync(1)

  • http://degeberg.com Daniel0

    I’m using the Keepass+Dropbox combo as well.

  • stoerschwein

    KeyPass on a stick is goog option. Also as proposed to combine it with Dropbox, or to encounter an alternative Syncplicity. If you want a real online solution, try the Online Password Manager Clipperz (www.clipperz.com/).

  • Florent V.

    KeePassX (for Linux and OS X) + Dropbox. I used to use a different password manager, but it didn’t run on OS X (it was Linux and Windows only), so I switched to KeePass(X).

  • Andy Robinson

    Yojimbo (Mac) -> iSync -> MobileMe

  • JohnWilliams

    I suggest you look at RoboForm.
    http://www.roboform.com/

    I have only seen good reviews by very experienced users and support is very good.

    John Williams

  • AppBeacon

    KeePass & KeePassX & Dropbox here. I have different files for my real job passwords and my personal/side line passwords. Depending on which computer I’m on, I can access either thanks to automatic syncing with DropBox.

    • http://www.avertua.com Alyssa Gregory

      Wow, KeePass and Dropbox seem like the overwhelming favorite. And http://www.serverskine.com recommended by @dev_cw looks interesting, too. Great info!

  • http://loadaveragezero.com/app/wp/ dwclifton

    All this sounds like overkill to me. For each project I work on I maintain a simple text file with customer metadata in it, including hostname/IPs, usernames, and passwords [only used in a pinch]. Nothing on my development server is accessible from the outside world so it is fairly secure and I am the only user. If I need to send someone, say a subcontractor, such info I use email over TLS and PGP encryption, or just do it over the phone.

    As far as FTP, who uses FTP anymore? Use a public RSA key and SSH/SFTP to access your remote hosts. Gnome Nautilus has a nice feature that allows you to create a virtual folder that is in fact a SFTP connection to a remote host/path. But it appears and behaves just like any other folder when open so you can drag and drop files to and from the remote host with ease. But I generally only use such a setup for simple things like new or updated images.

    Shell, aka command line users can use scp instead, and once your comfortable with the syntax it’s very easy to send/retrieve large numbers of files. rsync in conjunction with ssh is another powerful technique for bulk updates, and has the advantage of resuming interrupted transfers.

    A even better way, as someone else pointed out, is a distributed version control system used to install/update large projects on a remote host. Git is my SCM of choice and it supports SSH key/transfer encryption. You can either create your own repositories on a dedicated server, or use a service like GitHub.

  • Tara Kelly

    You’ll want to use a password manager for this information.

    Try Passpack – http://passpack.com

    Many have commented about Keepass + dropbox… essentially Passpack achieves this automatically. It’s native online storage for passwords, and it’s built specifically for protecting critical information over the internet.

    Whatever you do – text files and spreadsheet are not enough. Just think what would happen if all your client’s FTP info got stolen at once. How would you explain that to your clients?

    [disclosure, I'm a founding partner at Passpack - let me know if you have questions!]

  • AppBeacon

    @Tara Kelly RE : PassPack : An online password management system isn’t very useful when you’re at Starbucks and need your TMobile account password to get logged in so that you can access the internet.

  • AppBeacon

    @Tara Kelly : I apologize for my last response. I should have read farther. PassPack also has a desktop client. http://www.passpack.com/en/products/passpack_desktop.php

    I’d suggest you make that feature a bit more prominent on your site. People (like me) see “Online” and run away screaming without looking any further.

  • kai920

    Dropbox came in very handy when I accidentally corrupted the Keepass database file by accessing it simultaneously from 2 computers. Thank god dropbox automatically stores all revisions of a file, so after a couple clicks I was able to restore to the last known working copy!

    I still need to investigate how to best access the keepass file when I am away from my own computers… thinking I can check out the Windows Mobile version and then keep the .kdb file synced to my phone somehow.

    PS. Here’s my dropbox referral link in case anyone wants to try it out: dropbox (we both get an additional 250MB storage for free if you use this link)

  • cooperx

    I use the corporate sharepoint at work where it is backed up daily and subject to the same disaster recovery planning as our financial system so Im pretty happy with that.

    I would suggest using something such as google docs, backpack or similar.

    Because its not just passwords you need to keep nice and secure but also those contract documents, license files, and so on and so on.

    These services are also nice and searchable which makes it so much simpler once you get up to a few hundred items

  • Anonymous

    I use blank A4 paper for every klient I have. I keep all ftp, database and hosting account informations on paper. And it works for me.

  • http://www.impelgd.co.uk Impel GD

    Blank A4 paper? :S What happens if there’s a fire or if someone breaks in?

  • Mr. Secure

    @dropbox / passpack users:
    You store the critical login data of your customers in an online database of a third party company?!?!??

    Serverskine looks nice to me, but seems to be mac only :( Does anyone know a similar alternative for windows/linux, or even better web based? (wich means open source web app, to install on my own lan internal webserver)

  • http://www.impelgd.co.uk Impel GD

    @Mr. Secure: I use Dropbox, but only with my encrypted KeePass database. Even if somebody at Dropbox decided they wanted to open it, they would have to get around 128-bit block cipher (256bit key) AES encryption, with over a million key encryption rounds, which KeePass is set to use. The US Government has declared this is fit to protect “TOP SECRET” information – I’m reasonably certain this isn’t going to be broken by a rogue Dropbox employee or anyone else. KeePass is open source.

    If you want to try Dropbox, get an additional 250MB by using this linkie: https://www.getdropbox.com/referrals/NTE4MzA4NTk

    With KeePass, and optionally Dropbox, you are in control of where and how your data is stored.