Your best friend for file transfer.Fetch
Fetch includes support for several types of security when making connections: SFTP, FTP with TLS/SSL (FTPS), and Kerberos. It also supports the Mac OS keychain for securely storing passwords locally.
The two goals of the security features in Fetch are protecting the privacy and integrity of your Fetch sessions. Protecting privacy means making it harder for anyone to listen in on your Fetch sessions and watch your password and file transfers go by. Protecting integrity means making it more difficult for an attacker to alter your Fetch sessions somewhere between your computer and the server, for the purpose of corrupting data or gaining unauthorized access. Depending on the nature of your use of Fetch, and the sensitivity of your account and data, these features may be anything from pointless (you are on a private network of trusted users, exchanging innocuous data) to vital (you are moving classified files over a public network).
When connecting to a server that supports secure connections, Fetch protects the privacy and integrity of its sessions by arranging with the server to encrypt all the information that it sends over the network. This involves scrambling the information so that it can only be unscrambled by someone with a secret key, which is known to only your Macintosh and the server.
When you connect to a server without security (by choosing the plain FTP connection type), you are said to be sending data, such as your password, in the clear — which means the data is not protected or encrypted in any way. However, plain FTP does not require any special server support, and remains common.
Secure connections come in several types: SFTP, FTP with TLS/SSL, and Kerberos (aka GSSAPI and KClient). Not all servers support secure connections, and a particular server may only support one kind of secure connection. Your network administrator or service provider can tell you if your server supports secure connections, and what other information you might need.
Encrypting data does take some time, and may slow down sessions depending on the speed of your Macintosh and the load on the server. For that reason, Fetch makes it possible to turn encryption off when using FTP with TLS/SSL or Kerberos, in case speed is a higher priority than privacy. (Encryption is always on in SFTP connections; you cannot disable it.) But even if encryption is disabled, passwords are exchanged securely in order to keep them from being captured or seen on the network. It is only your file transfers that are sent unencrypted when encryption is disabled.
Several Fetch windows display a small padlock icon. A locked padlock icon indicates a totally secure connection, that is, you've connected with SFTP, FTP with TLS/SSL, or Kerberos with encryption, and both your password and your file transfers will be secure and encrypted. An unlocked padlock icon indicates a connection that uses FTP with TLS/SSL or Kerberos but encryption is not enabled — your password is sent securely, but encryption will not be used to protect your transfers. No padlock icon is displayed if the connection is not secure at all, that is, it's a plain FTP connection. The padlock icon appears in the info bar of transfer windows, the Mirror window, and shortcut list windows.
When you open an FTP, SFTP, or FTP with TLS/SSL connection, you can store the password for your account in your Mac OS keychain. The keychain lets you store your various passwords securely in a central place so that you don't have to remember all your different passwords. Fetch will also look in your keychain for your password to a server when you use a shortcut, open a recent connection, or open a mirror document. See the keychain help topic for more information.
Other topics related to security in Fetch are: