Most of the time, these malwares were eradicated and cleaned in a few seconds, but the data was stolen. Using critical flaws in third party softwares (namely flash and acrobat reader) these malwares were able to steal the XML passowrd file Filezilla uses to store the passwords. I think one of the main reason people advise to move away from Filezilla is clearly the fact passwords are stored as plain text and thus, easilly stolen.įilezilla bad reputation began some years ago when some malwares began to target specifically Filezilla. Doing this, you're storing the encryption key somewhere where malware don't have access you're storing the encryption key (or rather, the password from which the encryption key is derived) in your brain.įinally (and perhaps this is a bit outside the scope of your question), please make sure you move away from FTP in favor of SFTP. There are also many guides on the Internet about how to integrate KeePass with FileZilla. Then start using KeePass to store your account credentials. Your best option here is to disable password storage in FileZilla Meaning they will also have access to the encryption keys or the keys encrypting the encryption keys and so on. If a malware is running on your user account, they have as much access to what you (or any other application running at the same level) have. You see, encrypting the credentials requires an encryption key which needs to be stored somewhere. Yes, it's storing passwords in plaintext, but the alternatives are only slightly more secure. FileZilla per se isn't inherently insecure.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |