Recently I have just updated my FileZilla which I like so much that I chose it as the default FTP program on my OS X. However, after upgrading to FileZilla 3, I started seeing the following error message: FileZilla is running in kiosk mode. ‘Normal’ and ‘Account’ logontypes are not available in this mode.
It took me a while to understand what “kiosk mode” exactly is and why I kept getting this alert. Here is what I learned and I hope sharing it will help those who are experiencing similar problems.
What Is “kiosk mode” and Why?
To understand FileZilla’s “kiosk mode”, you first need to know how FileZilla keeps FTP passwords. FileZilla saves all FTP passwords as plain text in a XML file named sitemanager.xml. On a Mac, you can find this file at: “~/.filezilla/sitemanager.xml”. Below is what the sitemanager.xml looks like.
You can see the password “anyonecanseethis” is in clear text format. If someone gets a hold of this XML file, that person will have all your FTP passwords (not so good…). Disappointedly, FileZilla doesn’t have a built-in feature to securely store your FTP passwords in encrypted format.
To avoid this security risk, FileZilla has added a new feature called “kiosk mode” since version 3.1.2-rc1 (2008-08-24). When running in “kiosk mode”, FileZilla will not save any passwords, instead you will be prompted to enter the password each time you’re connecting to the FTP server. This change has made FileZilla more secure but also brought inconvenience to users.
You have 3 options if you don’t want to see the “FileZilla is running in kiosk mode.” error.
Option 1: Disable the “kiosk mode”
If you don’t care about FileZilla saving your passwords in clear-text format, you can disable the default “kiosk mode” (not recommended). After you turn off the “kiosk mode”, you will no longer getting the “FileZilla is running in kiosk mode” error. To disable “kiosk mode”, go to Preferences=>Interface, under “Behavior”, uncheck “Do not save passwords”.
Option 2: Stick to “kiosk mode”
“Kiosk mode” was added to FileZilla to enhance its security. Though inconvenient, it is safter than having passwords saved in a XML file which is human readable. Instead of turning off this feature, you should start using it and getting used to it. But if you’re managing a lot of FTP sites (eg: over 50), this is not a viable solution. You may need to use another application (maybe lastpass?) to store all your FTP credentials and then copy the passwords into FileZilla each time you use it; That’s a lot of work.
Option 3: Find an alternative to FileZilla
The last option is simply using a different FTP program. I found Cyberduck is extremely easy to use and is packed with many useful features. It stores your FTP passwords using the system’s Keychain App so your FTP passwords are encrypted. This is a lot safer than keeping the unencrypted passwords in a plain XML file meanwhile you dont’ have to type in the password yourself every time.
Option 3 worked best for me because I am managing large numbers of ftp sites. Though I like FileZilla very much, until FileZilla provides a secure password manager, I will stick with other FTP clients for now.