FileZilla integrates master password support
The developers of the FTP client program FileZilla have integrated support for a master password protection in the FTP software.
FileZilla is a popular FTP client that you may use to access FTP servers that are in a private network or on the Internet.
While you can use modern web browsers for that as well, they don't offer the comfort options that dedicated programs like FileZilla bring to the table. That may be okay for a quick download from an FTP server, but if you need to upload or edit files for instance, you cannot make use of web browsers for that (unless you install browser extensions that add support for that).
FileZilla allows you to connect to FTP servers using temporary data, or by adding FTP server data to the program. The latter is useful if you happen to connect to a server regularly, as you don't have to enter server address, username, password and maybe port each time you need to connect to it.
FileZilla Master Password
FileZilla stores information about sites that you add to the program in the file sitemanager.xml by default. It is a plain text file that anyone with access can open to list the configured sites. Passwords are encoded using base64 encoding, but are easily decoded using online services such as Base64 Decoded.
This changes with the upcoming release of FileZilla 3.26.0 (available as a Release Candidate currently), as it adds a master password option to the FTP program.
You can set up a master password to protect all saved passwords of FileZilla in the following way:
- Make sure you have FileZilla 3.26.0 or higher installed on your system.
- Open FileZilla.
- Select Edit > Settings.
- Switch to the Interface page.
- There you find the passwords section. The default is set to save passwords.
- Select "save passwords protected by a master password" from the list, and enter the desired password. It needs to have at least eight characters.
- Select OK to save the change.
Note that all passwords are protected by the master password from that moment on.
FileZilla prompts you for the master password when you connect to the first saved site. You are asked to enter it in the prompt, and may select the "remember option" so that you are not prompted again during the same session.
If you don't want that, remove the checkmark from the option before you click on ok.
Closing words
Adding a master password improves the security of saved FTP sites significantly. You do need to make sure however to remember the password, as you will lose access to all sites if you cannot enter it correctly anymore when prompted for it.
Unfortunately this is not the default for Linux, so we’re still struggling with an unsecure FileZilla. What a drag.
What’s wrong with WinSCP? In the FileZilla Secure website they mention: “So despite loving FileZilla I switched to WinSCP which has master password support. It was slow and the interface was horrible but what could I do?”
Not really the most elegant of descriptions but anyway, never had “slowness” or any type of issues with it.
Good point. Have been using Filezilla Secure and expect it will now be less relevant.
If it wasn’t for the Filezilla Secure fork last year this never would have happened.
Finally!
No sh*tski. Took forever.
holy crap about time