FileZilla Pro Enterprise Server supports Second Factor Authentication (2FA), a two-step verification authentication service based on the Time-based One-time Password (TOTP) algorithm.
TOTP works by generating a unique numeric code that changes at regular intervals, typically every 30 seconds. This code is synchronized between the server and the user’s device. When logging in, the user enters the current code displayed on their device, which is verified by the server. FileZilla Pro Enterprise Server accepts 3 codes: immediately previous, current, and next. This accounts for time differences and entry delays. To verify the server time setting, check if your operating system is configured to “Synchronize with an Internet Time server”.
2FA works with all types of credentials, but Do not require authentication. To activate that for a user you need to select the Use a time based OTP (TOTP) option.
Click on the Generate button to create a secret key. Alternatively you can enter a secret key yourself, note that it must be a valid string long at least 16 base32 characters (A–Z, followed by 2–7). If the secret key matches the criteria then the Copy to clipboard button becomes active.
The copy to clipboard function helps you to temporarily store the secret key so that you can paste it somewhere
to communicate it securely to the user.
The user will need to enter the secret key in their preferred TOTP-capable authenticator app, such as Google Authenticator where they need to click on the + button and then select Enter a setup key and enter it.
Users using either the FileZilla or FileZilla Pro client must first add a new entry in their time-based one-time
password generator, such as Google Authenticator, by entering the provided secret code.
Connecting to FileZilla Pro Enterprise Server with 2FA
Depending on your client and protocol, TOTP authentication works as follows:
1. FileZilla (Pro) – FTP/FTPS
- Enter host, port, username, and password as usual.
- If 2FA is enabled, you will be prompted to enter your TOTP after your password.
Example:
Host: ftp.example.com Port: 21 Username: user Password: yourpassword
After entering your password, a second prompt will request your TOTP.
2. FileZilla (Pro) – SFTP
- In Site Manager, set Login Type to Interactive.
- When connecting, you will receive two prompts: first for your password, then for your TOTP.
Example:
Prompt 1: Password → enter your password Prompt 2: TOTP → enter your one-time code
3. Other clients – FTP/FTPS
- Enter your password in the following format:
totp;password, wheretotpis the one-time code from your authenticator app.
Example:
TOTP: 123456 Password: mypassword Enter in client as: 123456;mypassword
4. Other clients – SFTP
- If your client supports keyboard-interactive login, you will get separate prompts for your TOTP and password.
- If your client only supports password authentication, use the same concatenation method as FTP/FTPS:
totp;password.
Note: Always enter your TOTP immediately before your password if concatenation is required, with no spaces.
The video tutorial below shows how to set up a second factor authentication with FileZilla Pro Enterprise Server.
Video tutorial: FileZilla Pro Enterprise Server: How to Set Up a Second Factor Authentication
Related Topic: