Not with Explicit SSL. The reason is because with Explicit SSL the Client must send the AUTH command to the server to tell the server to drop into secure mode. If the Client sends the AUTH command before it sends the USER/PASS command, then yes, the authentication will be secure. However, if the Client sends the USER/PASS command before sending the AUTH command, then the authentication will not be secure. If you need to use Secure FTP, you should use Implicit SSL (which is SSL running on port 990). When using Implicit SSL, the connection is immediately encrypted/secured before any commands are sent, so the authentication will always be secure.