This feature is scheduled to arrive in FileZilla 3.26.0, but you can use it now if you download the 3.26.0 (unstable) release candidate from here.
The move is extremely surprising, at least for the FileZilla userbase. Users have been requesting this feature for a decade, since 2007, and they have asked it many and many times since then. All their requests have fallen on deaf ears and met with refusal from FileZilla maintainer, Tim Kosse.
The author of FileZilla Secure took this action after his computer was infected with malware, and the malware stole the FileZilla password trove, a file named sitemanager.xml.
Because FileZilla didn’t store passwords in an encrypted format, the attacker had access to all the user’s FTP credentials, stored as plain text inside the sitemanager.xml file.
This feature is not turned on by default, and to configure a master password with FileZilla 3.26.0, users must visit the Edit > Settings > Interface section, enable the feature, and set a master password.
