[FEATURE]: Mandatory Configuration of Independent Application Passwords in Nextcloud Passwords App #647

Open
4 tasks done
akang1798 opened this issue Mar 26, 2024 · 0 comments
Labels
feature A new functionality for the app

akang1798 commented Mar 26, 2024

⚠️ This issue respects the following points: ⚠️

  • This is a feature request for one feature, not a question, discussion or multiple features.
  • This is not a feature request for the browser extension or another client.
  • This feature is not already requested on GitHub (I've searched it).
  • This feature does not already exist (I checked the wiki).

Current Status

At present, the Nextcloud Passwords app allows users to create independent end-to-end application passwords. However, users are not compelled to set up these passwords, leaving potential vulnerabilities in the system.

Feature Description

For Administrators:
1.1 Access Nextcloud via the web.
1.2 Open "Settings" and navigate to "Administration" → "Security".
1.3 There is a section for "Passwords" settings.
1.4 Under the "Passwords" settings, there is a checkbox for "Force enable end-to-end passwords".
1.5 Under the "Passwords" settings, there is also an option to restrict to specific groups or exclude certain groups.

For Users:
When administrators check the "Force enable end-to-end passwords" checkbox, users accessing the "Passwords" app will encounter the following scenarios:
2.1 If a user has already set up an end-to-end password, they will log in normally without any changes.
2.2 If a user has not set up an end-to-end password, they will be prompted with a mandatory setup wizard.

Additional Context

Consider a scenario where a security-conscious user, U1, sets up an application password for the Passwords app. However, when U1 needs to share a password with another user, U2, who hasn't configured an application password, security concerns arise. Without U2 having an application password, the risk of unauthorized access increases, especially if U2's device is lost or stolen.

By making the configuration of independent application passwords mandatory, we can significantly enhance the security posture of Nextcloud installations and ensure the protection of sensitive information.

Looking forward to seeing this enhancement incorporated into future versions of the Nextcloud Passwords app.

@akang1798 akang1798 added the feature A new functionality for the app label Mar 26, 2024