try WinSCP. I've been using for over a year now. compared to totalcommander, far has no complaints. + supports sftp. The interface is basically similar to headlights.

Or, if you take a more global approach to storing passwords, use a special utility for storing passwords, such as KeePass keepass.info/
Lots of features, a system of plugins and all this splendor for free!

Maybe you still need to use a good antivirus first, because anyway, if a virus gets in, it steals from where it wants to?
Everything else, in my opinion, is crutches that will not help a lame person walk normally.

In Total Commander version 7.50, saved passwords can be encrypted (AES256).

FTP passwords from TC, and the same WinSCP are stolen just as easily and on an industrial scale, in principle, irreversible encryption cannot be done there.
use SFTP, set up password-protected public key authentication via pageant and use the same FAR + WinSCP plugin as a client.

What is stolen through the network is the vulnerability of the system as a whole. If you start encrypting Far'a passwords, other passwords will be stolen. And if you inject the bible, then encryption will not save much.
And therefore:
- install all the latest updates of the operating system used
- install and configure some kind of firewall. If you are interested in free, I recommend CIS .
- two or more antiviruses in the system is too much. Especially when it comes to resident antiviruses. Not only will this not increase security, but it will also reduce system performance and stability. Leave one alone. If you like the CIS recommended above, leave only its antivirus, it has risen a lot lately, and in the general complex - not at all.

By the way, I don’t want to offend anyone, but this happened to me after visiting Odnoklassniki through IE.
It is from FAR. Added Javascript to all html and php on sites. Even Google banned.

There is an opinion that viruses that steal FTP passwords from FAR have not yet learned how to rake folders in the spotlight ... Unfortunately, I have not received any confirmation or refutation of this opinion yet, so I wanted to ask if your passwords are gone from all saved connections or only from the "top level"?

As an option, I can suggest using a virtual machine for work. I didn’t think about this before, since I’m sitting in Linux, so it’s interesting how people will react to such an approach.

The vehicle has a master password so that it is not stolen from *.ini and the connection via SSL / TLS (I did not check how it works, but there is definitely a jackdaw) so that it is not intercepted along the way.
But it's better to use ssh.

I have two suggestions: first - passwords can be stolen not only from far, so you should monitor security in general, second: do not save passwords, use special programs (they have already called keepass).

I recommend seriously thinking about changing the operating system.