The developers of the FTP client program FileZilla have integrated support for a master password protection in the FTP software.
FileZilla is a popular FTP client that you may use to access FTP servers that are in a private network or on the Internet.
While you can use modern web browsers for that as well, they don't offer the comfort options that dedicated programs like FileZilla bring to the table. That may be okay for a quick download from an FTP server, but if you need to upload or edit files for instance, you cannot make use of web browsers for that (unless you install browser extensions that add support for that).
FileZilla allows you to connect to FTP servers using temporary data, or by adding FTP server data to the program. The latter is useful if you happen to connect to a server regularly, as you don't have to enter server address, username, password and maybe port each time you need to connect to it.
FileZilla stores information about sites that you add to the program in the file sitemanager.xml by default. It is a plain text file that anyone with access can open to list the configured sites. Passwords are encoded using base64 encoding, but are easily decoded using online services such as Base64 Decoded.
This changes with the upcoming release of FileZilla 3.26.0 (available as a Release Candidate currently), as it adds a master password option to the FTP program.
You can set up a master password to protect all saved passwords of FileZilla in the following way:
Note that all passwords are protected by the master password from that moment on.
FileZilla prompts you for the master password when you connect to the first saved site. You are asked to enter it in the prompt, and may select the "remember option" so that you are not prompted again during the same session.
If you don't want that, remove the checkmark from the option before you click on ok.
Adding a master password improves the security of saved FTP sites significantly. You do need to make sure however to remember the password, as you will lose access to all sites if you cannot enter it correctly anymore when prompted for it.Advertisement
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.