When you install magmi and you access magmi/web/magmi.php initial login/pass will be “magmi/magmi”. After you setup db connection info it will use magento back office login/password.

create magmi/.htaccess

Order deny,allow
Deny from all

then create magmi/web/.htaccess

Order allow,deny
Allow from all
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.+)$
RewriteRule .* – [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]