App passwords : how to remove/revoke?

KLelong · March 23, 2020, 1:01pm

Hi,
I’m new to this forum.
I’m using owncloud for a few years, and I wanted to add more security to my server.
I added an App Password, but how is that supposed to secure my files ?
When I log out, and log in again, that App Password is nowhere visible.
So if I loose my laptop with that App Password, the finder can access my owncloud-files. Resetting my main password does not work, because the App Password is still valid and can’t be removed.
I thought it would be possible to revoke/remove that one App Password.

Is this really a security enhancement ? What am I missing ? I know it’s an enhancement when all goes well, but in the case of a lost/stolen device there is a big problem I think.

I’m using owncloud 10.3.2, tomorrow I’ll upgrade to 10.4.

karakayasemi · March 23, 2020, 1:25pm

You can invalidate your app password by using web ui anytime you want, see the below screenshot:

KLelong · March 23, 2020, 2:21pm

Are you sure ?
Can you logout and login again, and try the same ?
When I just made that App Password, there was a possibility to remove it. But then I used the menu to do something else, and then went back to the security-settings : nothing to see.
To be fair : I just tried this with my root-account, and there it seems to work fine.
So what’s happening ? I do have a large list of “Sessions”, all seem the same. Maybe this is interfering ? I’ll try to remove those.

KLelong · March 29, 2020, 12:45pm

I resolved my issue.
Since my upgrade from CO9, I didn’t notice the cron-jobs didn’t run. After I managed to get this working, the open sessions vanished and the app passwords appeared.