A word of warning

Like any security or cryptographic product, there are a number of concerns that should be addressed. To use WinSCP securely, you should understand how the program works and the concepts involved. Improper usage is often insecure usage, so please be sure to read the manual completely.

The security of the computer running WinSCP is a serious concern. Trojan Horse and Backdoor programs can steal authentication credentials such as passwords and private keys that have been stored or entered on the computer. Public computers often have session monitoring software–including key loggers–or other malicious software.

WinSCP can support SSH “keyboard-interactive” authentication methods if offered by the server. With keyboard-interactive authentication, the server can prompt for special credentials such as a S/Key one-time password or RSA SecurID generated value. These “disposable” credentials are preferable if you must use a public computer. Contact your system administrator to find out if any form of one-time authentication is offered.

Learn about choosing compromise between security of your credentials and convenience of handling them.