SFTP security is extremely high, because both the sender (client) and the receiver (server) must be verified with uniquely generated pairs of SSH keys. It’s the only file transfer protocol that provides protection across the entire data transfer process – malicious actors won’t be able to find vulnerabilities at any point in the chain.
Not only is it one of the most secure ways of transferring files over the Internet, it’s also one of the simplest.
Unlike other file transfer protocols, SFTP uses a single port (TCP port 22) to establish a connection to the server, ensuring good data integrity and encryption. This makes it the preferred method of file transfer for most users.
FTPS stands for File Transfer Protocol Secure. At its simplest, FTPS is an extension of FTP. They both work in the same way, with the same protocol – but FTP alone offers no encryption when transferring files between client and server.
The FTPS protocol adds encryption through a third-party certificate, like an SSL (Secure Sockets Layer) certificate – but preferably through Transport Layer Security (TLS). Unlike SFTP, which uses a single encrypted communication channel, FTPS uses two: one connection for commands and another for data transfer. And that brings us to the key difference between SFTP and FTPS.
There are actually two kinds of FTPS: implicit FTPS and explicit FTPS. Implicit FTPS encrypts both the command and data connections, at all times. This is the most secure type, as commands cannot be spoofed and data cannot be intercepted. The problem is that the constant encryption of large files uses a lot of bandwidth, which can slow the transfer. In explicit FTPS, only commands and user authentication are always secure – the data channel can be either encrypted or unencrypted.
This flexibility is useful for non-confidential file transfers, where speed is a necessity and data security isn’t always essential. Access to the server still remains secure and commands cannot be intercepted – but the data is vulnerable to interception. To use FTPS, an FTP client that supports FTP over TLS is recommended. A command-line client can also be used.
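The explicit-FTPS exposure described above can be checked from a server's command log. The following is an added example, not part of the original article: it flags transfers issued while the data channel was unprotected. The log format and session IDs are assumptions, the sample lines are constructed, every logged command is assumed to have succeeded, and `AUTH`/`PBSZ`/`PROT` are the RFC 4217 commands for explicit FTPS.

```python
# Added example: audit FTP control-channel commands for unencrypted data transfers.
# Assumed log format: "<session-id> <command line>"; all lines below are constructed.
TRANSFER_CMDS = {"RETR", "STOR", "APPE", "STOU", "LIST", "NLST", "MLSD"}

SAMPLE_LOG = """\
s1 AUTH TLS
s1 PBSZ 0
s1 PROT P
s1 STOR payroll.csv
s2 AUTH TLS
s2 RETR catalog.zip
s3 AUTH TLS
s3 PBSZ 0
s3 PROT P
s3 RETR a.txt
s3 PROT C
s3 STOR b.txt
s4 USER dave
s4 LIST
"""

def audit(log_text):
    """Return (session, command, argument, reason) for each exposed transfer."""
    sessions = {}  # session id -> {"tls": bool, "prot": str}
    findings = []
    for raw in log_text.splitlines():
        session, _, line = raw.strip().partition(" ")
        verb, _, arg = line.strip().partition(" ")
        verb, arg = verb.upper(), arg.strip()
        if not verb:
            continue
        st = sessions.setdefault(session, {"tls": False, "prot": "C"})
        if verb == "AUTH":
            # RFC 4217: after AUTH TLS the data channel level starts at Clear.
            st["tls"], st["prot"] = True, "C"
        elif verb == "PROT":
            st["prot"] = arg.upper()
        elif verb in TRANSFER_CMDS:
            if not st["tls"]:
                findings.append((session, verb, arg, "no-tls"))
            elif st["prot"] != "P":
                findings.append((session, verb, arg, "data-clear"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```

Session `s3` shows why per-session state matters: a transfer is protected only if `PROT P` is still in force when the transfer command is issued.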
Explicit FTPS is faster than SFTP, because large files of non-sensitive data can be sent unencrypted. This may be useful for quickly transferring large files that are already publicly available.
There are some disadvantages to FTPS, too. FTPS is more complex to implement, because it requires more firewall configuration. This can make setup more difficult, cancelling out the speed advantage it holds over SFTP. The additional configuration requirements can also expose vulnerabilities in the firewall while the connection is open.
Unlike FTP and FTPS, SFTP uses the Secure Shell protocol, with only one connection. It encrypts both the authentication information and the files being transferred, at all times.
SFTP also uses a single port number, which makes it easier to configure firewall permissions. FTPS adds a secure layer to the FTP protocol. Like FTP, it uses two connections: one for data transfer and one for commands. Because encryption can be turned off in explicit FTPS, speed is a little faster – but it’s not as secure or as simple to configure as SFTP.
SFTP uses port 22 – this is the only port to configure, making SFTP quick and easy to implement.
Compared to SFTP, ports for the FTPS protocol are a little more complicated. For commands, explicit FTPS uses port 21 while implicit FTPS uses port 990. Once connected, the client and server then negotiate a port for data transfer – by default, either port 20 or random ports. This depends on whether the connection is active or passive, with passive being the more secure – but this may require additional firewall settings changes, which could leave temporary holes in the firewall.
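The passive-mode negotiation described above, as an added example that is not part of the original article: the server announces the data port in a `227` (PASV) or `229` (EPSV) reply. Under FTPS that reply travels inside the encrypted command channel, so a firewall cannot read it to open the port on demand, and the server's passive range has to match a static firewall rule. The range 50000-50100 and the replies below are constructed assumptions.

```python
# Added example: extract negotiated data ports from passive-mode replies and
# list the ones a static firewall rule would not cover.
import re

PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d+)\|\)")

# Constructed sample replies (192.0.2.10 is a documentation address).
SAMPLE_REPLIES = [
    "227 Entering Passive Mode (192,0,2,10,195,80)",
    "227 Entering Passive Mode (192,0,2,10,234,96)",
    "229 Entering Extended Passive Mode (|||50042|)",
    "229 Entering Extended Passive Mode (|||61234|)",
    "226 Transfer complete",
]

def data_port(reply):
    """Return the data port announced by a 227/229 reply, or None."""
    m = PASV_RE.match(reply)
    if m:
        p1, p2 = int(m.group(5)), int(m.group(6))
        if p1 > 255 or p2 > 255:
            return None  # malformed octets
        return p1 * 256 + p2  # PASV encodes the port as two bytes
    m = EPSV_RE.match(reply)
    if m:
        port = int(m.group(1))
        return port if 0 < port < 65536 else None
    return None

def uncovered_ports(replies, low, high):
    """Ports announced by the server that fall outside the allowed range."""
    ports = (data_port(r) for r in replies)
    return [p for p in ports if p is not None and not low <= p <= high]

if __name__ == "__main__":
    # Hypothetical firewall rule: allow inbound TCP 50000-50100 for FTPS data.
    print(uncovered_ports(SAMPLE_REPLIES, 50000, 50100))
```

Any port this reports means the server's passive range is wider than the firewall rule, which shows up to users as stalled transfers or as pressure to open more ports than necessary.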
So, in the face-off of SFTP vs FTPS, there can only be one winner – and SFTP takes the title.
While it does have a slight speed disadvantage compared with FTPS, the fully encrypted security features and simplicity mean SFTP is the best protocol for secure file transfer. While FTPS is still highly secure (especially implicit FTPS), it has a more complicated setup, which introduces several disadvantages compared with SFTP. For legacy systems, however, it’s still a strong, secure method of file transfer.
Choosing an SFTP/FTPS client can feel like a tricky decision. There are so many paid and free options available, all with similar features and abilities. It can be hard to tell them apart.
The best SFTP/FTPS clients offer a simple, flexible user interface, dual panel views and flexible FTP options beyond FTPS or SFTP. They should also have options for advanced users, like a command terminal and integration with cloud computing platforms.
Commander One does all this – and so much more.
Commander One is an FTP client that supports all file transfer protocols – including FTP, SFTP and FTPS. It gives users a deeply customizable interface, advanced features and user-assigned hotkeys, for superfast file management. It’s also a highly advanced file management system for local files, shared network files and servers. You can manage files on a server as if they’re stored locally on your own computer.
Commander One is free to use, but it’s not open-source – which means it’s totally secure and reliable, with regular updates. A PRO version is available, which includes deeper features for advanced users. This consistent update schedule means that Commander One now runs natively on Apple silicon – with full support for the M1 chip and ARM processor architecture.