Suggestion: rename 'App password' to 'app token' to avoid confusion and for security reasons #3053
pmrt started this conversation in Bluesky Client App
I agree that it's a confusing concept, but I think changing it at this point would only lead to further confusion (inevitably, some clients/docs would adopt the new term, and others would not) - and as you mention, they're set to be deprecated soon™ anyway (iiuc). Responsible clients can mitigate point 3 by rejecting passwords that don't match the syntax of an app password.
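The mitigation mentioned in the reply above (a client refusing to submit anything that does not look like an app password) could be implemented as below. This is an added example, not code from the thread or from any Bluesky client; the pattern (four hyphen-separated groups of four lowercase alphanumerics) is an assumption, and `checkAppPassword`, `guardedLogin` and `send` are hypothetical names.

```javascript
// Added example; not from the thread or the Bluesky code base.
// ASSUMPTION: app passwords are four hyphen-separated groups of four
// lowercase alphanumerics. Confirm the real syntax for your server.
const ASSUMED_APP_PASSWORD_RE = /^[a-z0-9]{4}(?:-[a-z0-9]{4}){3}$/;

// Hypothetical helper: decide locally whether a secret may be submitted.
// On rejection it returns only a reason code, never the secret itself,
// so a mistyped main password cannot end up in logs or error reports.
function checkAppPassword(input, pattern = ASSUMED_APP_PASSWORD_RE) {
  if (typeof input !== "string" || input.trim().length === 0) {
    return { ok: false, reason: "empty" };
  }
  // Copy/paste frequently adds surrounding whitespace or a newline.
  const candidate = input.trim();
  if (!pattern.test(candidate)) {
    return { ok: false, reason: "not-app-password-format" };
  }
  return { ok: true, secret: candidate };
}

// Hypothetical login wrapper. `send` stands for whatever function performs
// the network request; it is called only after the format check passes,
// so an account password entered by mistake never leaves the device.
async function guardedLogin(identifier, secret, send) {
  const verdict = checkAppPassword(secret);
  if (!verdict.ok) {
    return { sent: false, reason: verdict.reason };
  }
  const result = await send({ identifier, password: verdict.secret });
  return { sent: true, result };
}
```
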
Hi,
I noticed that most non-technical users are unaware of the meaning of "app passwords" when interacting with third parties. This label "password" is very prone to confusion for them, so much so that most third-party apps need to clarify and specify this for the users.
Because of this and based on my anecdotal experiences, most non-technical users' behavior falls into 3 main categories:
So my suggestion is to change the 'app password' label to something that most non-technical users can immediately tell apart from their actual password, something like 'app token', etc.
This simple change could potentially prevent password leaks in the future for behavior 3 and encourage the use of third-party apps for behavior 2 (something important for an open protocol like this).
To consider: when OAuth is implemented and app passwords are deprecated, this would be less of a problem.