FileZilla is perhaps the best and most popular FTP client that works across a number of platforms like Windows, Linux and Mac. I personally have used FileZilla for a number of years and I am quite pleased with this open-source FTP client. My only pet peeve with FileZilla has been all these years is that it does not encrypt the passwords stored in the database. The FileZilla configuration file FileZilla.XML could be opened in any text editor to see all the stored passwords. This is why I wrote the article about encrypting passwords in FileZilla using AES Crypt.
But this has changed with the version 3.26 of FileZilla FTP client. Now you have the option to encrypt the saved passwords built inside FileZilla itself. You no longer have to use any external tool to protect your saved passwords. This is how you can configure FileZilla to encrypt your saved passwords:
- Update FileZilla FTP client to version 3.26 or above.
- Launch FileZilla and select Edit → Settings from the menubar.
- In the Settings window click on Interface in the left side and then select Save passwords protected by a master password from the right-side from under the “Passwords” section.
- Type in the master password twice that is used for encrypting your saved login information. Click on the OK button and you are done.
- Now whenever you try to login to an FTP server using the saved information in the Site Manager, it will show a window asking you to enter the master password. Without supplying this password you cannot login to that saved FTP server or even view the saved passwords.
FileZilla is using a very strong AES cipher to encrypt the passwords. All the passwords are encrypted through AES 256 and they cannot be decrypted in the lifetime of a potential attacker. The only caution you have to take is to choose a strong master password. You can use out PassGen utility to generate a strong password for this.
You can download the latest version of FileZilla FTP client from https://filezilla-project.org/.