Keeping an FTP login in your laptop
I usually work from my desktop but lately I've started using my laptop for work. So I installed FTP in it and being a little paranoid, I did not save my password in the FTP program. I'm worried if my laptop gets stolen, they can get into my servers and not only steal but delete everything. But it's so uncomfortable to have to enter my password every time!
What are your thoughts on this? How do you handle it? |
Depending on the program you use for FTP, try RoboForm or LastPass. I use LastPass, and if something gets stolen I just change the main password!
|
I use WinSCP as my FTP program and it has a master access password. I can get all my SFTP logins for sites, but a program access password must be entered before the app loads and logs into any FTP site.
|
http://www.safe-in-cloud.com/en/ .. they have a PC version too
|
TrueCrypt your hard drive and IP-restrict your FTP server port with a firewall.
That's how you can save your password. |
Install TrueCrypt and change the path to the FTP stored info to be on an encrypted virtual drive. Then you need to mount the drive for FTP to work. No one would ever know what the file was that contained the info. |
Keep your passwords ENCRYPTED on a USB thumbdrive ....
There are many encrypted password keeper programs made specifically for this purpose. Like a car or your front door .... you cannot use it without first putting in the key!! |
Try a http://www.yubico.com , we issue them for 2 factor registration and lock it all down and use a port knocker. So then at least if they try the FTP on its own it won't work unless they port knock first.
|
Port knockers on non-whitelisted IP addresses on your firewall should be in place regardless.
|
FTP isn't an encrypted protocol and if you're using your laptop with WIFI, it's possible someone can steal your passwords.
|
How about just keeping your OS user account locked with a password and your server company phone number on hand. I seriously doubt the common thief's first mission is to log in to your sites and delete everything. Then again, maybe you are a secret agent and in that case should speak with Q.
|
sftp + key only + host check
|
SFTP is sshd, FTP is Windows.
|
SFTP and other protected protocols are not necessary if you are behind a VPN.
|
I never understood why programs like FileZilla didn't come with the option of requiring a password to log in. How hard can it be to add that feature?
|
You could use a CIDR filter to restrict access from certain IPv4 blocks. I use AWS and they have numerous safeguards against such concerns.
If your host supports SFTP, you should move to that immediately and configure a public/private key. Store your private certificate file in an encrypted volume, USB drive, or in a secure cloud service like Dropbox. I use 1Password. They have an iPhone app that syncs with the desktop version (sells for $60 but worth much more!) that has saved my ass on numerous occasions. Then, use 1Password's built-in generator to generate a bulletproof password for Dropbox and you should be pretty secure. If your host doesn't support SFTP, then use 1Password to generate a bulletproof password for your FTP address but don't save it in the client. Avoid any common names or dictionary words, or anything that could be easily brute-forced. Don't store any passwords on your computer in Excel files or anything - 1Password (or another comparable service) can track them for you. I use a 32-character mnemonic master password that is not written down anywhere to lock down my other passwords. Also, another nice feature of 1Password is that it allows you to log in and copy passwords to the clipboard without ever revealing them. No need to enter in lengthy, tedious passwords each time. Godspeed. |
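Several replies above suggest SFTP with key-only logins and a CIDR filter on the server side. The following is an added example, not part of any post in this thread: a small audit that reads sshd_config text and reports whether password-style logins are still possible, plus a CIDR allowlist check. The sample configs and the allowlist are constructed, `Match` blocks are not evaluated, and the client-side host key check is out of scope.

```python
import ipaddress

# OpenSSH defaults, applied when a keyword is absent from the file.
DEFAULTS = {"pubkeyauthentication": "yes", "passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes"}
# Older configs use the deprecated name for keyboard-interactive auth.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_settings(config_text):
    """Global sshd settings; sshd keeps the first value it reads per keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":  # conditional blocks are not evaluated here
            break
        if len(parts) == 2:
            seen.setdefault(key, parts[1].strip().lower())
    return {**DEFAULTS, **seen}

def key_only_findings(config_text):
    """List the settings that still allow a password-style login."""
    s = effective_settings(config_text)
    findings = []
    if s["pubkeyauthentication"] != "yes":
        findings.append("pubkeyauthentication must be yes")
    for kw in ("passwordauthentication", "kbdinteractiveauthentication"):
        if s[kw] != "no":
            findings.append(kw + " must be no")
    return findings

def source_allowed(ip, cidr_allowlist):
    """True if the client address falls inside any allowlisted CIDR block."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidr_allowlist)

# Constructed sample configs (not from the thread).
WEAK = "Port 22\nPasswordAuthentication yes\nPasswordAuthentication no\n"
HARDENED = ("PubkeyAuthentication yes\nPasswordAuthentication no\n"
            "ChallengeResponseAuthentication no\n")
ALLOWLIST = ["203.0.113.0/24"]  # documentation range standing in for an office block

if __name__ == "__main__":
    print(key_only_findings(WEAK))
    print(key_only_findings(HARDENED))
    print(source_allowed("198.51.100.7", ALLOWLIST))
```

The `WEAK` sample shows why a later `PasswordAuthentication no` does not help when an earlier `yes` is already in the file.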
Your laptop is probably more physically secure than electronically secure.
Also, thieves who will steal your laptop physically are less likely to be interested in your data, FTP passwords, etc. I would evaluate your priorities sensibly and then examine the advice in this thread. |
There are like a thousand ways to protect data, and most of the info posted here will do the job.
To determine what will be best for you, you need to determine the ratio between paranoia and comfort. For example, if you use a program like RoboForm with a single master pass, you will access your data very fast but you will also have a single point of failure. You can fix that problem by having several walls of protection: for example, the first would be to use RoboForm to store passes, and the second wall would be the entire hard drive encrypted with TrueCrypt or any other program which encrypts the entire drive. So if someone breaks the TrueCrypt password, he will still need to break the RoboForm password as well. Also you need to pick between offline and online storage (as RoboForm passes can be stored both ways). If you are too paranoid, you will avoid online storage, but online storage is great since you always get updated data when using several computers. And while storing data online carries the risk of being penetrated by online invaders, it again protects against offline invaders. |
Hire one member of the website team as a security officer?
|
thanks guys! Reading through Truecrypt right now, should be implementing it today.
|
Yeah my ideas are prime time baby.
|