To maintain the highest level of security your should not record your secret credentials (such as password or private key passphrase) anywhere.
Though there may be situations, in which decreased level of security is acceptable in exchange for increased comfort of use. For these situations, WinSCP offer some convenience features. They are listed here in loosely decreasing order of security.
If you are using public key authentication, you can use Pageant authentication agent to avoid entering your passphrase for every connection.
By default, when you enter your password on authentication window, it is used only for that single authentication. When WinSCP needs to authenticate again, such as when reconnecting, opening additional connection for background transfer or opening separate shell session, you are prompted for your password again.
You can choose to keep the password in memory to allow its reuse on password prompt. You can also opt to remember the password for all sessions using preference option Remember password for duration of the session.1)
The same effect (just per-session, not global) has entering your password already to a Password box on the Login dialog. For site (stored session) you can achieve that by using Edit button on the Sites/Stored sessions page of Login dialog.
Note that the password is passed to PuTTY using command-line parameter
-pw. It is rather easy for other processes (possibly malicious) on your computer to retrieve command-line used to start PuTTY, hence to discover your password. So you should avoid using this option, unless you are confident about security of your computer. Preferred alternative approach is to use public key authentication together with Pageant (PuTTY can use Pageant too).
The least recommended method of handling passwords conveniently is to store them unprotected with your site (stored session).
Saved passwords (unless protected by master password) are stored in a manner that they can easily be recovered. It is not possible to securely encrypt passwords in a way that still allows for automatic use. Do not use the save password feature if you are not absolutely sure of the physical and electronic security of the system on which you are storing passwords.
Also note that you need to request storing your password unprotected explicitly on Save session as dialog.
System administrators can restrict password storing altogether.
Site design by Black Gate