Game clients should generate FTP passwords for themselves on the fly, and send a hashed copy of this password to the server. Server should then check FTP authentication requests against these hashed passwords.
Alternatively, the gameserver could just generate passwords for every newly connected client on the fly, pass them to the very client, store them in memory and check clients' FTP authentication requests against this password. From the client perspective: clients should expect to receive such a password when connecting through the game protocol and use this for authenticating to the FTP server later.
