Using SFTP or SCP to administer blogs is the safest and will protect you from people sniffing your LAN/WLAN.
As for storing passwords in browsers, FTP clients, etc., I would recommend http://www.keepassx.org/, the same as KeePass that was mentioned earlier but open source and cross-platform. It lets you store all your passwords in an encrypted file. So you got all your passwords ready to copy-and-paste after typing one password.

Encrypted File System (EFS) will not help against viruses, as the filesystem is unencrypted while it's running. It's only good as long as the computer is off, but is very good to have if your laptop gets stolen. But everything helps.

In my case I always use highly random passwords that I copy-and-paste from KeePassX. I use Linux that still isn't as targeted as Windows (yet). And I ALWAYS administer the sites using secure channels like SFTP, SSH, SCP, or HTTPS as long as it's possible.

> Better still, I have switched to using SFTP logins every time. At least
> it provides more safety than sending passwords in plain-text.
>
> On Sat, Jul 25, 2009 at 1:02 AM, Kirk M<[email protected]> wrote:
>> I also, as a rule, don't store passwords locally. The single exception
>> to this is FileZilla (Windows install) as it seems to give me no choice
>> in the matter. And since it sends FTP login data to the server in plain
>> text anyway does it really matter as long as your firewall and
>> anti-malware protection is fully up to date? This is for local
>> protection only since you can't do a damn thing once you hit the
>> "Connect" button in FileZilla and your login data is out there for
>> everyone to see.
>>
>> And for these folks who found their sites had been hacked, what OS were
>> they running? If Windows, were they properly protected (firewall?
>> Anti-malware program? Which brand?)
>>
>> Just thinking out loud there...
>>
>> Just on the off-chance that this has affected my Windows machine and
>> possibly any blogs I administer via FTP (all on the same host) I did a
>> full anti-malware scan on my Windows partition and thoroughly checked
>> the sites I administer and everything's clean.
>>
>> One thing I have to wonder about though. On a Windows (desktop) system
>> would using Windows "Encrypting File System" (EFS) to encrypt the
>> FileZilla (settings) folder and its .xml files help prevent this type
>> of thing from happening locally?
>>
>> On 7/24/2009 10:09 AM, Jennifer Hodgdon wrote:
>>>
>>> Doesn't anyone besides me think it is a poor security practice to store
>>> FTP credentials on their PC at all? I realize it is a bit inconvenient
>>> at times to have to remember passwords, but if your FTP software is
>>> storing credentials in an unencrypted file, I think it is a HUGE
>>> security risk to let it store your FTP passwords. This also goes for
>>> your browser storing login passwords for your sites.
>>>
>>> --Jennifer
>>>
>>> Chris Jean wrote:
>>>>
>>>> I did a lot of reading on this subject to ensure that I knew the full
>>>> scope of it. It's quite clear to me that the stolen FTP credentials
>>>> are definitely the cause of this specific issue:
>>>>
>>>> * Malicious “Income” IFrames from .CN Domains http://bit.ly/NgWFA
>>>> * Hidden CN Iframes Are Still Prevalent http://bit.ly/12uY53
>>>>
>>>> That said, you are quite right that getting a virus on your local
>>>> machine isn't the only problem. It is very important for WordPress
>>>> users to be aware that their site can be compromised by poor security
>>>> practices on or off their server.
_______________________________________________
wp-testers mailing list
[email protected]
http://lists.automattic.com/mailman/listinfo/wp-testers
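
As an added example (not part of the thread and not FileZilla's own code), a small audit of a FileZilla-style saved-site list that flags the two risks discussed above: passwords kept on disk and logins sent over plain FTP. The element names, the protocol numbering (0 = FTP, 1 = SFTP) and the sample XML are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout assumed here for a FileZilla site list.
SAMPLE = """<FileZilla3><Servers>
  <Server><Host>blog.example.org</Host><Port>21</Port><Protocol>0</Protocol>
    <User>admin</User><Pass>constructed-secret</Pass><Name>Blog FTP</Name></Server>
  <Server><Host>shell.example.org</Host><Port>22</Port><Protocol>1</Protocol>
    <User>admin</User><Pass encoding="base64">Y29uc3RydWN0ZWQ=</Pass>
    <Name>Blog SFTP</Name></Server>
  <Server><Host>static.example.org</Host><Port>22</Port><Protocol>1</Protocol>
    <User>deploy</User><Name>Static</Name></Server>
</Servers></FileZilla3>"""

# Assumed protocol numbering: 0 = FTP (cleartext login), 1 = SFTP.
PLAINTEXT_PROTOCOLS = {"0"}


def audit_site_manager(xml_text):
    """Return one finding per saved site that stores a password or uses FTP."""
    findings = []
    for server in ET.fromstring(xml_text).iter("Server"):
        name = server.findtext("Name") or server.findtext("Host") or "?"
        issues = []
        pw = server.find("Pass")
        if pw is not None and (pw.text or "").strip():
            # base64 is an encoding, not encryption: any process that can
            # read the file can recover the password.
            encoded = pw.get("encoding") == "base64"
            kind = "base64-encoded" if encoded else "cleartext"
            issues.append(f"{kind} password stored on disk")
        proto = (server.findtext("Protocol") or "").strip()
        if proto in PLAINTEXT_PROTOCOLS:
            issues.append("login is sent unencrypted over FTP")
        if issues:
            findings.append({"site": name, "issues": issues})
    return findings


if __name__ == "__main__":
    # The password value itself is never printed, only the finding.
    for f in audit_site_manager(SAMPLE):
        print(f"{f['site']}: " + "; ".join(f["issues"]))
```
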
