10 Years Later: FileZilla Adds Support For Master Password That Encrypts Your Logins

An anonymous reader writes: "Following years of criticism and user requests, the FileZilla FTP client is finally adding support for a master password that will act as a key for storing FTP login credentials in an encrypted format," reports BleepingComputer. "This feature is scheduled to arrive in FileZilla 3.26.0, but you can use it now if you download the 3.26.0 (unstable) release candidate from here." By encrypting its saved FTP logins, FileZilla will finally thwart malware that scrapes the sitemanager.xml file and steals FTP credentials, which were previously stolen in plain text. The move is extremely surprising, at least for the FileZilla user base. Users have been requesting this feature for a decade, since 2007, and they have asked it many and many times since then. All their requests have fallen on deaf ears and met with refusal from FileZilla maintainer, Tim Kosse. In November 2016, a user frustrated with Koose's stance forked the FileZilla FTP client and added support for a master password via a spin-off app called FileZilla Secure.

Holy crap

[93+Escort+Wagon]

By encrypting its saved FTP logins, FileZilla will finally thwart malware that scrapes the sitemanager.xml file and steals FTP credentials, which were previously stolen in plain text.

You've got to be kidding me.

Re:I use WinSCP now

[TheOuterLinux]

Where are you getting your FileZilla from to have adware? Neither my Mac or Linux system's versions show ads, and I'm getting it from here: https://filezilla-project.org/. Maybe it's just a Window$ thing?

Re:I use WinSCP now

[Zocalo]

At a guess, SourceForge, or maybe some other third party download mirror site with similar practices, and yeah, AFAIK, it's mostly a Windows thing. SourceForge - and others - went through a period of bundling crapware with tools being downloaded from them, and since they were a popular means for small projects to offset bandwidth costs a lot of projects got bitten until they were forced to provide an opt out - and FileZilla the poster child for projects involved. There was an outcry, as you'd expect, but I have no idea which the mirror sites stopped the practice or not because this pretty much killed my use of them for downloads (sorry, small projects!), but I believe most mirror sites that are claiming to be reputable either no longer do so at all, or at least provide projects an opt out.