Providing us with login details securely

From time to time we may ask you to provide us with login details if we believe this is the most efficient way to resolve an issue for you or if you tasked us with providing installation or customisation services.

tl;dr

1. Use encryption
2. Our public key
3. Our IP: 188.166.134.216  (based in Amsterdam, Netherlands)
4. revoke once we are done

We may ask for the following:

1. Magento admin url and login
   The admin url should be secret and is not guessable by us - so please provide us with a link to the admin login page.
   
   We also recommend creating a separate administrator account for us. Please note it is common for attackers to attempt to brute-force admin user account login details (1000s of guesses over a short time period). In other words do not create an admin account like fooman / password123.
2. File access
   In most cases, we would need access to the files with a user account that has write access to all Magento files. For Magento 1 requests we can work with various different options including SSH, FTP or a control panel login.

In an ideal scenario we would only require access to a development or test site but we understand that often this is not available or up-to-date.

Important

Please do not email us these sensitive credentials directly. We recommend using a secure encrypted channel like our Yopass instance here and only sending us the link. Once the credentials are retrieved the message will self destruct. For the duration of the support request we will keep the credentials in our password manager.

If you require our SSH public key please retrieve it from Github here.

If you are able to lock down access via firewall rules we highly recommend you do this. Our IP address is:
188.166.134.216

Once we are finished with the support request please ensure access is revoked again.