FileZilla in Kiosk Mode

Fix the “FileZilla is running in kiosk mode” Error

Michael Allen iFix 9 Comments

I like FileZilla so much that I chose it as the default FTP program on my Mac. However, after upgrading to FileZilla 3, I started seeing the following error message: FileZilla is running in kiosk mode. ‘Normal’ and ‘Account’ logontypes are not available in this mode.
FileZilla is running in kiosk mode. 'Normal' and 'Account' logontypes are not available in this mode.

It took me a while to understand what “kiosk mode” exactly is and why I kept getting this alert. Here is what I learned and I hope sharing it will help those who are experiencing similar problems.

What Is “kiosk mode” and Why?

To understand FileZilla’s “kiosk mode”, you first need to know how FileZilla keeps FTP passwords. FileZilla saves all FTP passwords as plain text in a XML file named sitemanager.xml. On a Mac, you can find this file at: “~/.filezilla/sitemanager.xml”. Below is what the sitemanager.xml looks like.

        <Server>
            <Host>filezilla.org</Host>
            <Port>21</Port>
            <User>filezilla</User>
            <Pass>anyonecanseethis</Pass>
            <Logontype>1</Logontype>
        </Server>

You can see the password “anyonecanseethis” is in clear text format. If someone gets a hold of this XML file, that person will have all your FTP passwords (not so good…). Disappointedly, FileZilla doesn’t have a built-in feature to securely store your FTP passwords in encrypted format.

To avoid this security risk, FileZilla has added a new feature called “kiosk mode” since version 3.1.2-rc1 (2008-08-24). When running in “kiosk mode”, FileZilla will not save any passwords, instead you will be prompted to enter the password each time you’re connecting to the FTP server. This change has made FileZilla more secure but also brought inconvenience to users.

Solutions

You have 3 options if you don’t want to see the “FileZilla is running in kiosk mode.” error.

  1. Option 1: Disable the “kiosk mode”

    If you don’t care about FileZilla saving your passwords in clear-text format, you can disable the default “kiosk mode” (not recommended). After you turn off the “kiosk mode”, you will no longer getting the “FileZilla is running in kiosk mode” error. To disable “kiosk mode”, go to Preferences=>Interface, under “Behavior”, uncheck “Do not save passwords”.
    Disable FileZilla Kiosk Mode

  2. Option 2: Stick to “kiosk mode”

    “Kiosk mode” was added to FileZilla to enhance its security. Though inconvenient, it is safter than having passwords saved in a XML file which is human readable. Instead of turning off this feature, you should start using it and getting used to it. But if you’re managing a lot of FTP sites (eg: over 50), this is not a viable solution. You may need to use another application (maybe lastpass?) to store all your FTP credentials and then copy the passwords into FileZilla each time you use it; That’s a lot of work.

  3. Option 3: Find an alternative to FileZilla

    The last option is simply using a different FTP program. I found Cyberduck is extremely easy to use and is packed with many useful features. It stores your FTP passwords using the system’s Keychain App so your FTP passwords are encrypted. This is a lot safer than keeping the unencrypted passwords in a plain XML file meanwhile you dont’ have to type in the password yourself every time.

Summary

Option 3 worked best for me because I am managing large numbers of ftp sites. Though I like FileZilla very much, until FileZilla provides a secure password manager, I will stick with other FTP clients for now.

Image Credit: Kristaps Bergfelds

Michael AllenFix the “FileZilla is running in kiosk mode” Error

Comments 9

  1. Jason

    I am in agreement with Bob and David. How utterly retarded! Upated FileZilla, and now all my passwords are silently nixed. Thanks FileZilla!

  2. Dave

    Ridiculous, completely retarded move, no warning, just hop on into my machine and delete all my passwords? Tossers, I had a load of server logins set up a long time ago which can not be easily retrieved, Mozilla you bunch of absolute morons.

  3. bob

    What a boneheaded move. I had over 100 ftp sites and passwords saved in filezilla. This change erased all my stored passwords. Now I have to make 100 phone calls to get them back. Time for a new ftp client. I can’t believe they would do this with out even a warning dialog. Ridiculous.

Add Comment Register



Leave a Reply

Your email address will not be published. Required fields are marked *