Providing us with login details securely (Magento 2)
From time to time we may ask you to provide us with login details if we believe this is the most efficient way to resolve an issue for you or if you tasked us with providing installation or customisation services.
- take a backup
- Use encryption
- Our public key
- Our IP: 188.8.131.52 (based in Amsterdam, Netherlands)
- revoke once we are done
We may ask for the following:
- Magento admin url and login
The admin url should be secret and is not guessable by us - so please provide us with a link to the admin login page.
We also recommend creating a separate administrator account for us. Please note it is common for attackers to attempt to brute-force admin user account login details (1000s of guesses over a short time period). In other words do not create an admin account like fooman / password123.
Starting with Magento 2.4 2FA (two factor authentication) has been made mandatory. As a result having a separate administrator account is needed as we would not be able to reuse an existing admin account to which we do not have access to the corresponding second factor.
- File access
In most cases, we would need access to the command line (SSH) with a user account that has write access to all Magento files.
In an ideal scenario we would only require access to a development or test site but we understand that often this is not available or up-to-date.
Please do not email us these sensitive credentials directly. We recommend using a secure encrypted channel like our Yopass instance here and only sending us the link. Once the credentials are viewed by us the message will self destruct. For the duration of the support request we will keep the credentials in our password manager.
If you require our SSH public key please retrieve it from Github here.
If you are able to lock down access via firewall rules we highly recommend you do this. Our IP address is:
Once we are finished with the support request please ensure access is revoked again.
Please confirm that you have taken a current backup and are able to restore from this if we do run into unlikely but possible issues during troubleshooting.