I don't handle any client information directly. If you need guidance on secure storage practices, feel free to ask!
I don't handle any client information directly. If you need guidance on secure storage practices, feel free to ask!
Looking for a safer and faster way to manage client details like names, passwords, software keys, etc. I currently use an encrypted Excel file, but it feels less secure. Anyone have suggestions for better cloud or local options that are more robust and easy to access?
The firm managing their technology handles password creation, with some clients using "Password1" and others employing "[company name]*" patterns where the asterisk represents a digit from 1 to 5.
I prefer not to memorize customer passwords, but some insist on it. For the ones I keep, I go a bit extreme. Still, I’m forced because certain clients are personal contacts and they handle sensitive work data on their home computers. The way I manage their security affects whether they’d recommend me to others. I usually use handwritten password images. These are saved in my private cloud (a WD NAS with cloud features), named after the client number. My phone is connected to that cloud. A list of names and numbers lives in an encrypted notebook on my laptop, which runs Linux and has full disk encryption. My laptop can’t reach the cloud or the NAS when I’m at home. If I can’t recall a password, I can search for the client’s number on my phone and then find the password on my device. To breach this information would require both my laptop and phone, each protected by passwords that are hard to guess—numbers, symbols, and random characters. Success is unlikely.
If you’re managing a business with several machines instead of individual users, consider labeling each one with a unique ID on the back and using that number as the filename for the photo. Since you’ll recognize the number from the label, you don’t need to store the devices in encrypted folders. For backups, standard external hard drives work well. Once done, wipe the drives immediately—using DP Shredder for a few passes and CCleaner for seven.
Software credentials can follow similar steps: a handwritten key image saved with a code in your text editor. You might add notes like “MS Office CUSTOMER X = ######” to your documents.
If you don’t have your own encrypted storage, services like Dropbox or iCloud are an option—but treat them carefully and encrypt everything thoroughly.
For extra security, consider why I use handwritten keys instead of typing them: it adds another layer against automated attacks, especially if someone gains access to my NAS and tries to scan for weak passwords. My handwriting isn’t perfect, so it acts like a CAPTCHA.
I stay with you by not sharing data with others. I prefer keeping my own information secure by encrypting it myself, then creating regular backups on a remote, encrypted cloud service. It seems you might benefit from using Keepass—or KeePassX for cross-platform needs.
I thought about using Keepass, but I prefer keeping things divided with tools I fully control. If someone breaks into my NAS and finds the images, they won’t make sense. Even if you somehow get to my laptop and decrypt those files, you’ll end up with just random numbers that don’t tell anything meaningful. You’d need access to both systems to actually retrieve the data. A Keepass file is a single point of entry, always available to anyone who knows how to search for a brute force tool online. Sure, a strong password might slow things down, but it’s still much safer than splitting it across two separate devices.
I previously used Thetycotic Secret Server for storing group passwords... It's available internally within the network, and users receive alerts when someone accesses a shared password.