FTP in the clear passwords, are you tired of it yet?
I don't know about you but I'm tired of these hosting companies that offer FTP accounts and don't force SSL connections.
Meaning passwords are sent in the clear.
Then people wonder how their account is compromised. Yes, I know there are other ways like PC viruses etc.. But with all this concern over security, why not simply make users use a secure connection?
I think all the FTP clients out there can do it, and it's only one click to turn it on, and if more hosts did this they would make clients automatically try SSL first as a default.
Even better, I like the FTP clients that don't have a option to force only SSL, and so you don't know if it is secure or not.
I say make the user have to manually click something to go to "normal" mode and then warn them with another screen that their password is going to be sent in the clear.
The original RFC for SSL in FTP was posted in 1996!! http://en.wikipedia.org/wiki/FTPS
Then Cpanel isn't helping, it sends your password in the clear (if you are not SSL) if you simply click on "FTP Accounts", at the bottom of the page you see links that have the password in the URL. Sheesh! When are these guys ever going to learn?