FileZilla Pro Enterprise Server supports Second Factor Authentication (2FA), a two-step verification authentication service based on the Time-based One-time Password (TOTP) algorithm. It is an important security measure that helps protect sensitive data on servers from unauthorized access.
In FileZilla Pro Enterprise Server, you can enable 2FA for user accounts to add an extra layer of security to the login process and file transfer operations.
Below you find a step by step guide on how to set up 2FA with FileZilla Pro Enterprise server.
How to Set Up Two-Factor Authentication
- Go to the Administration Interface and select Configure from the server menu.
- Select a User in Rights management > Users.
- Select Second Factor Authentication (2FA) and then Use a time-based OTP.
2FA works with all types of credentials, but Do not require authentication.
- Click on the Generate button to create a secret key.
- Communicate the Secret Code.
You will need to enter a secret code manually or let the server generate it for you. If you choose to have the server generate the secret code, a dialog box will pop up, and the code will be automatically copied into the clipboard.
Note: Alternatively you can enter a secret key yourself, note that it must be a valid string long at least 16 base32 characters (A–Z, followed by 2–7). If the secret key matches the criteria then the Copy to clipboard button becomes active.
You need to communicate the secret code to the end-user using a secure channel. This is an important step to ensure the security of your connection.
The copy to clipboard function helps you to temporarily store the secret key so that you can paste it
somewhere to communicate it securely to the user. The user will need to enter the secret key in their
preferred TOTP-capable authenticator app, such as Google Authenticator where they need to click on the + button and then select Enter a setup key and enter it.
How to Connect to the Server
You can connect to the server using the FileZilla client. Before connecting, the user needs to add a new entry in their time-based one-time password generator (for example Google Authenticator):
- Click on the plus sign.
- Enter the secret code.
- Read and enter the one-time password.
- Click on the OK button to connect to the server.
If you are connecting to the server from the same host, enter “127.0.0.1” in the host field,
then enter the username and its password. FileZilla will prompt you for the one-time password generated by Google Authenticator.
Note: To connect to an SFTP server, you’ll need to enter both the one-time password generated by Google Authenticator and the user’s password in the password field separated by a semicolon. If you are connecting to the server from the same host, enter “SFTP colon double 127.0.0.1” in the host field, then enter the username, OTP, semicolon, and password.
If you are not using FileZilla and FileZilla Pro need to use the same approach for FTP and FTPS.
The video tutorial below shows how to set up a second factor authentication with FileZilla Pro Enterprise Server.