Encrypt Passwords Using OTP
When you connect to a Site, you can encrypt your password to protect it from interception using the One-Time Password (OTP) scheme. OTP is supported by Globalscape EFT Server, various *nix servers, and a few Windows-based servers.
To enable OTP for a standard FTP Site
-
In the Site Manager, click a Site.
-
On the main menu, click File > Properties.
-
Click the Type tab.
-
In the Protocol typebox, make sure FTP (standard File Transfer Protocol) is selected.
-
In the Password Protection group, specify an encryption method.
-
Not Encrypted - the password is sent unprotected to the server.
-
MD4 - A system that encrypts your password a different way every time it is sent.
-
MD5 - A system like MD4, with more complex encryption scheme.
-
Auto detect OTP - CuteFTP tries to detect the encryption method the server uses.
-
-
Click Connect or OK.
To enable OTP for an FTP over SSL Site
-
On the Site Manager tab, click a Site.
-
On the main menu, click File > Properties.
-
Click the Type tab.
-
In the Protocol typebox, make sure FTP (standard File Transfer Protocol) is selected.
-
In the Password Protection group, specify an encryption method.
-
In Protocol type, select the desired SSL connection mechanism.
-
Click Connect or OK.
Using OTP with SSL adds a redundant layer of protection as SSL authentication already protects the password using a robust encryption mechanism.
OTP is defined in RFC 1938 (replaced by 2289) and was evolved from S/KEY™ , a One-Time Password System originally developed by Bellcore.
CuteFTP supports keyboard-interactive authentication. This authentication method involves connecting to servers with a challenge/response type of password-based authentication, and requires a one-time use password typically generated by hardware or, less commonly, software-based password generators.