Hi. The app password is specific to each user. So I’m confused about the security.
What would happen if the hacker got my app password and used it to log in to that app on another device? As far as I know, it’s possible. So how do we prevent this?
This is the subforum for the Passwords app for Nextcloud. I don’t think you’re right here. Development questions are better asked here: https://help.nextcloud.com/c/dev/11
You delete the app password in “Devices & sessions”. That’s how you prevent an attacker from continuing to use the app password. App passwords can’t and won’t stop an attacker from accessing Nextcloud from another device.
The security benefit of an app password is that you can revoke it and you can limit the access this device has on Nextcloud.
Do you mean device password? But with this, there’s no need for a standard password or an app password. I also want multiple users to be able to use a device. The limit on access to the device would start after the user logged in successfully and the server generated a new app password.
Yes, I knew about that problem. But using an app password is better than storing the user’s password in my app. Once a user logs in successfully, an app password is generated, and it will be revoked if the user logs out. The problem is now how I can prevent attacks from other devices if they know the app password.
I want to have something like this: