Keeping an FTP login in your laptop - GoFuckYourself.com

czarina · 10-04-2013, 07:55 AM

I usually work from my desktop but lately I've started using my laptop for work. So I installed FTP in it and being a little paranoid, I did not save my password in the FTP program. I'm worried if my laptop gets stolen, they can get into my servers and not only steal but delete everything. But it's so uncomfortable to have to enter my password every time!

What are your thoughts on this? How do you handle it?

CaptainWolfy · 10-04-2013, 08:14 AM

depending on program you use for ftp, try roboform, or lastpass, i use last pass and if something get's stolen i just change the main password!

acctman · 10-04-2013, 09:05 AM

i use winSCP as my FTP program and it has a master access password. I can get all my sftp logins for sites but a program access password must be entered before the app loads and logs into any FTP site

Mr. Stiff · 10-04-2013, 09:07 AM

http://www.safe-in-cloud.com/en/ .. they have a PC version too

Vapid - BANNED FOR LIFE · 10-04-2013, 09:14 AM

Truecrypt your hard drive and ip restrict your ftp server port with a firewall.
That's how you can save your password.

BareBacked · 10-04-2013, 09:16 AM

install true crypt
and change the path to the FTP stored into to be on a an encrypted virtual drive
then you need to mount the drive for ftp to work
no one would ever know what the file was that contained the info

BareBacked · 10-04-2013, 09:24 AM

Quote:

Originally Posted by Vapid

Truecrypt your hard drive and ip restrict your ftp server port with a firewall.
That's how you can save your password.

yes

facialfreak · 10-04-2013, 04:02 PM

Keep your passwords ENCRYPTED on a USB thumbdrive ....

There are many encrypted password keeper programs made specifically for this purpose

Like a car or your front door .... you cannot use it without first putting in the key!!

livexxx · 10-04-2013, 04:45 PM

Try a http://www.yubico.com , we issue them for 2 factor registration and lock it all down and use a port knocker. So then at least if they try the FTP on its own it wont work unless they port knock first

livexxx · 10-04-2013, 04:46 PM

Port Knockers on non white listed IP addresses on your firewall should be in place regardless

InfoGuy · 10-04-2013, 05:09 PM

FTP isn't an encrypted protocol and if you're using your laptop with WIFI, it's possible someone can steal your passwords.

10-05-2013, 08:33 PM

How about just keeping your OS user account locked with a password and your server company phone number on hand. I seriously doubt the common thiefs first mission is to log in to your sites and delete everything. Then again, maybe you are a secret agent and in that case should speak with Q.

Vapid - BANNED FOR LIFE · 10-05-2013, 09:55 PM

Quote:

Originally Posted by BareBacked

yes

I do rad.

mortenb · 10-06-2013, 02:32 AM

Quote:

Originally Posted by InfoGuy

FTP isn't an encrypted protocol and if you're using your laptop with WIFI, it's possible someone can steal your passwords.

Yeah, it's time to stop using FTP. At least use SFTP if you like the FTP way of doing things.

fris · 10-06-2013, 02:36 AM

sftp + key only + host check

Vapid - BANNED FOR LIFE · 10-06-2013, 03:56 AM

Sftp is sshd ftp is windows.

just a punk · 10-06-2013, 04:18 AM

Quote:

Originally Posted by czarina

I usually work from my desktop but lately I've started using my laptop for work. So I installed FTP in it and being a little paranoid, I did not save my password in the FTP program. I'm worried if my laptop gets stolen, they can get into my servers and not only steal but delete everything. But it's so uncomfortable to have to enter my password every time!

What are your thoughts on this? How do you handle it?

The solution is very simple. Install TrueCrypt and create an encrypted volume for your FTP clients, passwords, notes and other personal information. If your laptop will be stolen, nobody will be able to get your sensitive info.

just a punk · 10-06-2013, 04:20 AM

SFTP and other protected protocols are not necessary if you are behind VPN.

nexcom28 · 10-08-2013, 05:57 AM

I never understood why programs like filezilla didn't come with the option of requiring a password to login. How hard can it be to add that feature?

thumbuilderic · 10-08-2013, 06:16 AM

You could use a CIDR filter to restrict access from certain IPv4 blocks. I use AWS and they have numerous safeguards against such concerns.

If your host supports SFTP, you should move to that immediately and configure a public/private key. Store your private certificate file in an encrypted volume, USB drive, or in a secure cloud service like Dropbox. I use 1Password. They have an iPhone app that syncs with the desktop version (sells for $60 but worth much more!) that has saved my ass on numerous occasions. Then, use 1Password's built-in generator to generate a bulletproof password for Dropbox and you should be pretty secure.

If your host doesn't support SFTP, then use 1Password to generate a bulletproof password for your FTP address but don't save it in the client. Avoid any common names or dictionary words, or anything that could be easily brute-forced. Don't store any passwords on your computer in Excel files or anything - 1Password (or another comparable service) can track them for you. I use a 32-character mnemonic master password that is not written down anywhere to lock down my other passwords.

Also, another nice feature of 1Password is that it allows you to log in and copy passwords to the clipboard without ever revealing them. No need to enter in lengthy, tedious passwords each time.

Godspeed.

bigluv · 10-08-2013, 11:48 AM

Your laptop is probably more physically secure than electronically secure.

Also, thieves who will steal your laptop physically are less likely to be interested in your data, FTP passwords, etc.

I would evaluate your priorities sensibly and then examine the advice in this thread.

Klen · 10-08-2013, 12:15 PM

There is like thousand ways to protect data,most of info posted here will do the job.
To determine what will be best for you,you need to determine ration between paranoia and comfortability - for example,if you use program like roboform with single master pass,you will access your data very fast but you will also have a single point of failure.You can fix that problem with having several walls of protection,for example first to use roboform to store passes,and second wall would be entire hard drive encrypted with truecrypt or any other program which encrypt entire drive.So if someone breaks a password of truecrpyt,he will still need to break password of roboform as well.Also you need to pick between offline and online storage(as roboform passes can be stored both way)-if you are too paranoid,you will avoid online storage,but online storage is great since then you always get data updated when using several computers.And while storing data online is risk to get penetrated by online invaders,it again protect against offline invaders.

livexxx · 10-08-2013, 01:52 PM

Hire one member of the website team as a security officer?

RyuLion · 10-08-2013, 01:58 PM

Quote:

Originally Posted by facialfreak

Keep your passwords ENCRYPTED on a USB thumbdrive ....

There are many encrypted password keeper programs made specifically for this purpose

Like a car or your front door .... you cannot use it without first putting in the key!!

BINGO! This is what I've been telling everyone for the last 10+ years, I see with a laptop..

czarina · 10-09-2013, 08:27 AM

thanks guys! Reading through Truecrypt right now, should be implementing it today.

Vapid - BANNED FOR LIFE · 10-09-2013, 08:29 AM

Yeah my ideas are prime time baby.

10-04-2013, 07:55 AM	#1
czarina Webmaster Extraordinaire Industry Role: Join Date: Jul 2002 Location: A beautiful beach... Posts: 10,740	Keeping an FTP login in your laptop I usually work from my desktop but lately I've started using my laptop for work. So I installed FTP in it and being a little paranoid, I did not save my password in the FTP program. I'm worried if my laptop gets stolen, they can get into my servers and not only steal but delete everything. But it's so uncomfortable to have to enter my password every time! What are your thoughts on this? How do you handle it?

10-04-2013, 09:07 AM	#4
Mr. Stiff So Fucking Stiff! Industry Role: Join Date: Oct 2005 Posts: 493	http://www.safe-in-cloud.com/en/ .. they have a PC version too __________________ ICQ 208807506

10-04-2013, 09:16 AM	#6
BareBacked Confirmed User Join Date: Feb 2007 Location: www.BareBacked.com Posts: 3,685	install true crypt and change the path to the FTP stored into to be on a an encrypted virtual drive then you need to mount the drive for ftp to work no one would ever know what the file was that contained the info __________________ NEW SITE PAYING $30 for a $1 TRIAL Selfies

10-04-2013, 04:02 PM	#8
facialfreak Confirmed User Join Date: Feb 2005 Location: Montreal Posts: 3,018	Keep your passwords ENCRYPTED on a USB thumbdrive .... There are many encrypted password keeper programs made specifically for this purpose Like a car or your front door .... you cannot use it without first putting in the key!! __________________ Managed Shared Hosting starting at $4.99/mo Managed VPS starting at $29.99/mo

10-04-2013, 04:45 PM	#9
livexxx Confirmed User Industry Role: Join Date: May 2005 Location: UK Posts: 1,201	Try a http://www.yubico.com , we issue them for 2 factor registration and lock it all down and use a port knocker. So then at least if they try the FTP on its own it wont work unless they port knock first __________________ http://www.webcamalerts.com for auto tweets for web cam operators

10-04-2013, 08:14 AM	#2
CaptainWolfy Playa Industry Role: Join Date: Dec 2005 Location: Somewhere on the Earth Posts: 8,439	depending on program you use for ftp, try roboform, or lastpass, i use last pass and if something get's stolen i just change the main password!

10-04-2013, 09:05 AM	#3
acctman Confirmed User Join Date: Oct 2003 Location: Atlanta Posts: 2,840	i use winSCP as my FTP program and it has a master access password. I can get all my sftp logins for sites but a program access password must be entered before the app loads and logs into any FTP site

10-04-2013, 09:14 AM	#5
Vapid - BANNED FOR LIFE Barterer Industry Role: Join Date: Aug 2004 Posts: 4,864	Truecrypt your hard drive and ip restrict your ftp server port with a firewall. That's how you can save your password.

10-04-2013, 04:46 PM	#10
livexxx Confirmed User Industry Role: Join Date: May 2005 Location: UK Posts: 1,201	Port Knockers on non white listed IP addresses on your firewall should be in place regardless __________________ http://www.webcamalerts.com for auto tweets for web cam operators

10-04-2013, 05:09 PM	#11
InfoGuy 80/20 Rule Industry Role: Join Date: Apr 2010 Location: Los Angeles Posts: 3,051	FTP isn't an encrypted protocol and if you're using your laptop with WIFI, it's possible someone can steal your passwords. __________________ Support American Heroes \| How Bad is My Batch? \| Vaccine Deaths & Adverse Reactions \| Free Speech Coalition \| <WARNING> ePayService / Guerra Capital, INC / MTACC payments \| Flirt4Free Fucks their Affiliates \| Don't do business with piece of shit Andy Alvarez from Webmaster Central / VR3000, who said: "If it was up to me, they would have shot all 30,000 of those country loving shitheads"

10-05-2013, 08:33 PM	#12
Rat King Guest Posts: n/a	How about just keeping your OS user account locked with a password and your server company phone number on hand. I seriously doubt the common thiefs first mission is to log in to your sites and delete everything. Then again, maybe you are a secret agent and in that case should speak with Q.

10-06-2013, 02:36 AM	#15
fris Too lazy to set a custom title Industry Role: Join Date: Aug 2002 Posts: 55,229	sftp + key only + host check __________________ Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence. WP Stuff

10-06-2013, 03:56 AM	#16
Vapid - BANNED FOR LIFE Barterer Industry Role: Join Date: Aug 2004 Posts: 4,864	Sftp is sshd ftp is windows.

10-06-2013, 04:20 AM	#18
just a punk So fuckin' bored Industry Role: Join Date: Jun 2003 Posts: 32,381	SFTP and other protected protocols are not necessary if you are behind VPN. __________________ Obey the Cowgod

10-08-2013, 05:57 AM	#19
nexcom28 So Fucking Banned Join Date: Jan 2005 Posts: 3,716	I never understood why programs like filezilla didn't come with the option of requiring a password to login. How hard can it be to add that feature?

10-08-2013, 06:16 AM	#20
thumbuilderic Just some porn guy Industry Role: Join Date: Aug 2012 Location: LA Posts: 365	You could use a CIDR filter to restrict access from certain IPv4 blocks. I use AWS and they have numerous safeguards against such concerns. If your host supports SFTP, you should move to that immediately and configure a public/private key. Store your private certificate file in an encrypted volume, USB drive, or in a secure cloud service like Dropbox. I use 1Password. They have an iPhone app that syncs with the desktop version (sells for $60 but worth much more!) that has saved my ass on numerous occasions. Then, use 1Password's built-in generator to generate a bulletproof password for Dropbox and you should be pretty secure. If your host doesn't support SFTP, then use 1Password to generate a bulletproof password for your FTP address but don't save it in the client. Avoid any common names or dictionary words, or anything that could be easily brute-forced. Don't store any passwords on your computer in Excel files or anything - 1Password (or another comparable service) can track them for you. I use a 32-character mnemonic master password that is not written down anywhere to lock down my other passwords. Also, another nice feature of 1Password is that it allows you to log in and copy passwords to the clipboard without ever revealing them. No need to enter in lengthy, tedious passwords each time. Godspeed.

10-08-2013, 11:48 AM	#21
bigluv Confirmed User Join Date: Jul 2008 Posts: 850	Your laptop is probably more physically secure than electronically secure. Also, thieves who will steal your laptop physically are less likely to be interested in your data, FTP passwords, etc. I would evaluate your priorities sensibly and then examine the advice in this thread.

10-08-2013, 12:15 PM	#22
Klen Industry Role: Join Date: Aug 2006 Location: Little Vienna Posts: 32,235	There is like thousand ways to protect data,most of info posted here will do the job. To determine what will be best for you,you need to determine ration between paranoia and comfortability - for example,if you use program like roboform with single master pass,you will access your data very fast but you will also have a single point of failure.You can fix that problem with having several walls of protection,for example first to use roboform to store passes,and second wall would be entire hard drive encrypted with truecrypt or any other program which encrypt entire drive.So if someone breaks a password of truecrpyt,he will still need to break password of roboform as well.Also you need to pick between offline and online storage(as roboform passes can be stored both way)-if you are too paranoid,you will avoid online storage,but online storage is great since then you always get data updated when using several computers.And while storing data online is risk to get penetrated by online invaders,it again protect against offline invaders. Last edited by Klen; 10-08-2013 at 12:17 PM..

10-08-2013, 01:52 PM	#23
livexxx Confirmed User Industry Role: Join Date: May 2005 Location: UK Posts: 1,201	Hire one member of the website team as a security officer? __________________ http://www.webcamalerts.com for auto tweets for web cam operators

10-09-2013, 08:27 AM	#25
czarina Webmaster Extraordinaire Industry Role: Join Date: Jul 2002 Location: A beautiful beach... Posts: 10,740	thanks guys! Reading through Truecrypt right now, should be implementing it today.

10-09-2013, 08:29 AM	#26
Vapid - BANNED FOR LIFE Barterer Industry Role: Join Date: Aug 2004 Posts: 4,864	Yeah my ideas are prime time baby.