Reliability of saving client credentials in Syncro

How reliable is saving credentials on Syncro for clients. I am saving all credentials for clients such as encrypt keys for backups and login details in documentation section.

Will there be a scenario of data loss and/or being compromised. In terms of security I have created a hash to encrypt credentials as per Syncro documentation.

Should I save credentials somewhere else as well.

Many Thanks

Personally I would store it somewhere else (or at least not have Syncro as the only copy) because Syncro has no way to export that data. As a general rules important data should never be only in one location (3-2-1 backup rule for example). If you can’t export it then backup/offline access is impossible. And I’m a little wary of security issues as even companies where storing sensitive data is their primary business have made horrible mistakes (LastPass).

1 Like

Thanks @isaacg

Any service suggestion?

or does the good old password protected excel file, shared between client and myself.

Pretty sure there are cracking tools to easily dispatch any excel security, so no I wouldn’t trust that. Keeper is probably the most popular solution in the MSP space. Bitwarden is another, which has the benefit (depending on your opinion) of being open source and having the option to be self-hosted if you’d like to have it more locked down than a typical cloud solution. I believe both have capabilities for sharing select items with clients.

Hudu or IT Glue for client documentation, and we use Keeper mainly for internal.

1 Like

We are using PasswordState
Enterprise Password Management Software | Web based Server Password Manager (clickstudios.com.au)

But there is no ability for clients to login and obtain their passwords.
Though you could install PasswordState for them, and then charge them a fee to manage it for them. :wink:
We are looking at offering that to our clients.

What I’d like to know is if syncro stored credentials are encrypted still or stored in their servers in a simple format?

IIRC the only encrypted storage is the password vault, if that’s what you’re referring to then yes.

I am talking about the credentials section under each customer, I haven’t seen it referred as password vault before so I am not sure.

“Additionally, the password field is salted and encrypted. The salt is per row. The password is only decrypted and sent to the client at the time that the field is clicked to be shown.”
They are apparently not as secure as the vault or Syncro would require you to type a password each time to decrypt them.

do yourself a favour. vaultwarden_rs.