When you install magmi and you access magmi/web/magmi.php initial login/pass will be “magmi/magmi”. After you setup db connection info it will use magento back office login/password.
create magmi/.htaccess
Order deny,allow
Deny from all
then create magmi/web/.htaccess
Order allow,deny
Allow from all
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.+)$
RewriteRule .* – [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]