The Difference Between FTP, FTPS, and SFTP

Let’s start with a fun fact: FTP has been around for nearly 50 years – and because of that, there are lots of flavors and variations of the protocol. There’s plain old FTP – File Transfer Protocol – but there’s also FTPS, FTP-SSL, and SFTP. Many people ask: How do they differ?

An Explainer on FTP

At a basic level, FTP is a protocol that has one server and many clients that connect to the server in order to transfer files from one system to another. The client(s) then log into the server to execute commands. Commands allow you to move around the file tree, download files, upload files, move directories, delete, and much more. In the early days of the ARPAnet / Internet, this was revolutionary because you could take files and move them over great physical distances – even large files. FTP is not complicated, but it’s exceedingly powerful and has stood the test of time.

The first FTP client applications were command-line programs developed before computers had graphical user interfaces. Such applications are still shipped with Windows, Linux, and Unix-based operating systems today.

FTP helps send files by transmitting information quickly and reliably so you can transfer large files online. File transfer protocol is commonly used for transferring large files between a client and a server. You can use FTP to exchange files between computer accounts, transfer files between an account and a desktop computer or access files in online storage.

File Transfer Protocol and Security

As great as FTP was at the time, it lacked security measures to encrypt usernames and passwords or other data going across the protocol. Thus FTPS and SFTP were made to build security measures directly into the protocol.

Decades later, we have services like Dropbox or Box that use their own protocols to move files around on the internet. You may ask yourself – why not just abandon FTP entirely and let companies use their own protocols? Here are a few reasons:

  1. The backbone of the internet runs on standard protocols, like HTTP, FTP, DHCP, DNS, etc. Using a standard protocol is in line with the goals of a free and open internet.
  2. It gives you flexibility in your toolset. Because of how long FTP has been around, there are tons of tools, scripts and daemons made that work with it.
  3. Many devices already have FTP built into them, such as security cameras. Let’s say you develop a new security camera and want it to connect to a closed protocol, like Dropbox. With FTP, you can make the connection. With a closed protocol, however, you would have to contact Dropbox and pay licensing fees for using their protocol.
  4. Every client machine already supports file transfer protocol! You don’t need to download a client to access FTP functions from the command line – you can even use whatever client you want to interface with FTP!

What is FTPS?

FTPS, also known as FTP-SSL, is a more secure form of FTP. FTPS is basic FTP with security added to commands and data transfer. It relies on the cryptographic protocols TLS (Transport Layer Security) and SSL (Secure Sockets Layer), which encrypt your information, including the username and password, as it moves from point A to point B.

FTPS is to FTP much like HTTPS is to HTTP: an added layer of security while keeping the original protocol relatively unchanged.
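To make "security added to commands and data transfer" concrete, the added example below (not from the original article) audits one session's FTP commands and reports which steps travelled unencrypted. It covers explicit FTPS only, where the client upgrades the connection with AUTH TLS and protects data connections with PROT P; the (command, reply code) input format and the sample sessions are constructed assumptions, not the log format of any particular server.

```python
# Added example: audit FTP control-channel commands for cleartext exposure.
# Input is a list of (client command, server reply code) pairs, a constructed
# format chosen for this illustration.

DATA_VERBS = {"STOR", "STOU", "APPE", "RETR", "LIST", "NLST", "MLSD"}


def audit_session(exchanges):
    """Return findings for one session, given (command, reply_code) pairs in order."""
    control_tls = False   # True once AUTH TLS/SSL was accepted (reply 234)
    data_tls = False      # True once PROT P was accepted (reply 200)
    findings = []
    for command, reply in exchanges:
        parts = command.strip().split(None, 1)
        if not parts:
            continue
        verb = parts[0].upper()
        arg = parts[1].strip().upper() if len(parts) > 1 else ""
        if verb == "AUTH" and arg in ("TLS", "SSL"):
            control_tls = reply == 234
            if not control_tls:
                findings.append("AUTH %s refused (%d): session stays cleartext" % (arg, reply))
        elif verb == "PROT":
            data_tls = control_tls and arg == "P" and reply == 200
        elif verb in ("USER", "PASS") and not control_tls:
            # Never echo the argument: it is the credential itself.
            findings.append("%s sent in cleartext" % verb)
        elif verb in DATA_VERBS and not data_tls:
            findings.append("%s used an unencrypted data connection" % verb)
    return findings


# Constructed sample sessions.
PLAIN_FTP = [("USER camera01", 331), ("PASS example-secret", 230),
             ("STOR frame_0001.jpg", 226)]
FTPS_NO_PROT = [("AUTH TLS", 234), ("USER camera01", 331),
                ("PASS example-secret", 230), ("STOR frame_0001.jpg", 226)]
FTPS_FULL = [("AUTH TLS", 234), ("PBSZ 0", 200), ("PROT P", 200),
             ("USER camera01", 331), ("PASS example-secret", 230),
             ("STOR frame_0001.jpg", 226)]
FTPS_REFUSED = [("AUTH TLS", 502), ("USER camera01", 331),
                ("PASS example-secret", 230)]

if __name__ == "__main__":
    for name, session in [("plain", PLAIN_FTP), ("no PROT P", FTPS_NO_PROT),
                          ("full", FTPS_FULL), ("refused", FTPS_REFUSED)]:
        print(name, audit_session(session) or "ok")
```

The second and fourth sessions are the ones worth alerting on in practice: a login that is encrypted while the file itself is not, and a client that carried on in cleartext after the server refused TLS.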

What is SFTP?

SFTP, also known as SSH FTP, encrypts both commands and data while in transmission. This means all your data and credentials are encrypted as they pass through the internet. If you’ve ever used a Unix-based system, you’re likely familiar with SSH. It’s a protocol that allows you to remotely connect to other systems and execute commands from the command line. SSH is how most servers in the world are administered, so the protocol had to be very secure. SFTP was created as an extension of SSH to transfer files through the secure channel (SSH).

Unlike FTP and FTPS, the SFTP protocol is packet-based as opposed to text-based. This makes file and data transfers using SFTP faster than other secure FTP connections.

Which Protocol Should I Use?

Learning about the different protocols might seem daunting. We’ve compiled a shortlist of the differences — advantages and disadvantages that can help clarify which protocol would be best for your use.

Protocol: FTP

Pros:
  • The oldest protocol, works with most systems
  • Faster than HTTP or email
  • No limits for file size
  • Transfers multiple files and directories at one time
  • Supports file resumes
  • Can create multiple levels of access
  • Easy to use

Cons:
  • Data sent is not encrypted, including files
  • Passwords and usernames are in plain text making it simpler for an unauthorized user to gain access
  • Limited mobile device access
  • Activity notifications are nearly impossible to create

Protocol: FTPS

Pros:
  • It is encrypted
  • Commonly understood and utilized
  • Easy to implement
  • Offers services for server-to-server file transfers based on SSL/TLS
  • Easily supported by mobile devices
  • Works in operating systems that have FTP support but not SSH/SFTP clients
  • Built-in support in .NET Framework

Cons:
  • Does not have a consistent directory site listing format
  • Not all FTP servers support SSL/TLS
  • Uses multiple ports, making firewall configuration more complicated
  • Older FTP servers don’t support SSL

Protocol: SFTP

Pros:
  • Uses only one port, so it’s easy to use behind a firewall
  • The connection is constantly protected
  • The directory site listing is consistent and machine-readable
  • SFTP is supported by Linux and UNIX servers by default
  • More options than any other system
  • Can perform file system operations, such as file lock, permission and attribute manipulation, and symbolic link creation

Cons:
  • The interaction is binary and cannot be logged as-is for human reading
  • No server-to-server copy and recursive directory site elimination operations
  • No integrated SSH/SFTP assistance in VCL and .NET structures

SFTP vs FTP

In our opinion, if you are able to use SFTP – use it. FTP is great for legacy devices that don’t support any sort of encryption, but if you have access to encryption, it’s better to use SFTP. You don’t want your files intercepted by a malicious hacker downstream of your machine if you can help it.

SFTP vs FTPS

Both SFTP and FTPS provide a high level of protection. The biggest difference between these two protocols is how connections are authenticated and managed. 

  1. SFTP connections can be authenticated using a user id and password to connect to the server. SSH keys can also be used to authenticate SFTP connections. You will need to generate an SSH private key and public key to connect with the SFTP server. 
  2. With FTPS, the usernames and passwords are also encrypted. To connect, your FTPS client will first check if the server’s certificate is trusted. The certificate is considered trusted if either the certificate was signed by a known certificate authority (CA), like Verisign, or if the certificate was self-signed (by your partner) and you have a copy of their public certificate in your trusted key store.

Feature | SFTP | FTPS
Separate connections for command and file data | No | Yes
Encrypted command and file data connection | Yes | Yes
Key-based authentication | Yes | No
Host identity verification | Yes | Yes
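The FTPS trust check described above, as an added example (not from the original article) using Python's standard ftplib and ssl modules. It shows both trust cases, a CA-signed server and a partner's self-signed certificate held as the only trust anchor, and protects the separate data connection as well as the command connection; the function names and the certificate path parameter are assumptions made for this illustration.

```python
import ssl
from ftplib import FTP_TLS


def make_ftps_context(partner_cert_pem=None):
    """Build a TLS context that rejects untrusted or mismatched certificates.

    partner_cert_pem: path to a partner's self-signed certificate (PEM). When
    given, it is the ONLY trust anchor; otherwise the system CA store is used.
    """
    if partner_cert_pem:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # starts with no CAs
        ctx.load_verify_locations(cafile=partner_cert_pem)
    else:
        ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Both constructors already enable these; assert so a later edit cannot
    # silently turn verification off.
    assert ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname
    return ctx


def upload(host, user, password, local_path, remote_name, partner_cert_pem=None):
    """Upload one file over explicit FTPS with both channels encrypted."""
    # An explicit context means verification does not depend on library defaults.
    ctx = make_ftps_context(partner_cert_pem)
    with FTP_TLS(context=ctx, timeout=30) as ftps:
        ftps.connect(host, 21)
        ftps.auth()                  # AUTH TLS: certificate is checked here
        ftps.login(user, password)   # credentials travel inside TLS
        ftps.prot_p()                # encrypt the separate data connection too
        with open(local_path, "rb") as fh:
            return ftps.storbinary("STOR " + remote_name, fh)


if __name__ == "__main__":
    # Offline check of the settings; upload() needs a reachable FTPS server.
    ctx = make_ftps_context()
    print(ctx.verify_mode, ctx.check_hostname, ctx.minimum_version)
```

If the certificate is untrusted or does not match the host name, `auth()` raises an `ssl.SSLError` before any username or password is sent.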

Transferring Files

In today’s world of SaaS companies, cloud computing and e-commerce, knowing your options for secure file transfer is important. While we have laid out the main differences between three file transfer protocols, it’s obvious that SFTP and FTPS offer the most security benefits. 

FTP brings the speed and reliability that many industries and devices still rely on, and will rely on well into the future. From small files to mission-critical files that run the world, FTP and its secure variants run the world.

