Improve app password handling: prefer copy-only over plain-text display #59420
Description
Hi,
When generating a new app password in Nextcloud, the password is displayed in plain text immediately after creation.
While convenient, this encourages users to visually read or manually transcribe the credential, which increases the risk of accidental exposure (e.g., during screen sharing, shoulder surfing, or screenshots).
Suggested improvement (copy-first / copy-only workflow)
A more secure UX pattern would be to avoid displaying the password in readable plain text by default and instead:
- Provide a "Copy to clipboard" button as the primary interaction
- Avoid showing the password unless the user explicitly requests it
- Optionally include a "Reveal" action behind an additional user interaction
This approach promotes better handling of long-lived app passwords by:
- Reducing unnecessary visual exposure
- Encouraging copy/paste instead of manual transcription
- Aligning with modern best practices for credential handling
Expected behavior
- The generated app password is not directly visible after creation
- Users copy it via an explicit action (e.g., "Copy" button)
- Optional reveal is secondary and requires deliberate user intent
Actual behavior
- The generated app password is displayed in plain text immediately
- No copy-first or copy-only workflow is enforced
Impact
This is not a direct vulnerability, but a defense-in-depth and security UX improvement. Adopting a copy-first approach would reduce the likelihood of unintended credential exposure and encourage safer usage patterns.
Thanks for considering this improvement.
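The copy-first presenter described in this issue, as an added example that is not part of the original report or of Nextcloud's own front-end code: plain JavaScript with the clipboard writer and clock injected, so the state logic runs (and can be tested) outside a browser. The names `createSecretPresenter`, `mount` and `MASK`, the 16-character mask width and the 30-second reveal timeout are all illustrative assumptions, not anything the issue specifies.

```javascript
// Added example (not Nextcloud code): copy-first presentation of a freshly
// generated app password. The clipboard writer and clock are injected so the
// state logic runs, and can be tested, outside a browser. Names are hypothetical.

// Fixed-width mask: a one-bullet-per-character mask would leak the secret's length.
const MASK = '\u2022'.repeat(16);

function createSecretPresenter(secret, options = {}) {
  const {
    // In a browser this is navigator.clipboard.writeText, which returns a
    // Promise and needs a secure context plus a user gesture (the button click).
    writeClipboard = (text) => navigator.clipboard.writeText(text),
    revealTimeoutMs = 30000, // revealed text masks itself again after this
    now = () => Date.now(),
  } = options;

  let value = secret;     // JS strings are immutable: clear() can only drop the reference
  let revealedAt = null;  // timestamp of the last explicit reveal, or null

  function assertLive() {
    if (value === null) throw new Error('app password already cleared');
  }

  // True only while an explicit reveal is in effect and has not expired.
  function isRevealed() {
    if (revealedAt === null) return false;
    if (now() - revealedAt >= revealTimeoutMs) {
      revealedAt = null; // lazy auto-hide
      return false;
    }
    return true;
  }

  // What the UI renders: the mask by default, the secret only while revealed.
  function displayText() {
    if (value === null) return '';
    return isRevealed() ? value : MASK;
  }

  // Primary action: hand the secret to the clipboard without ever rendering it.
  // Returns whatever the writer returns (a Promise in the browser).
  function copy() {
    assertLive();
    return writeClipboard(value);
  }

  // Secondary action, only reached through a deliberate click on "Reveal".
  function reveal() {
    assertLive();
    revealedAt = now();
  }

  function hide() {
    revealedAt = null;
  }

  // Call when the dialog closes so the secret does not linger in the view model.
  function clear() {
    revealedAt = null;
    value = null;
  }

  return { isRevealed, displayText, copy, reveal, hide, clear };
}

// Browser-only wiring: copy is the primary control, reveal the secondary one.
// Not invoked here; the dialog code would call mount(container, presenter).
function mount(container, presenter, doc = globalThis.document) {
  const output = doc.createElement('output');
  const copyBtn = doc.createElement('button');
  copyBtn.textContent = 'Copy to clipboard';
  const revealBtn = doc.createElement('button');

  const refresh = () => {
    output.textContent = presenter.displayText();
    revealBtn.textContent = presenter.isRevealed() ? 'Hide' : 'Reveal';
  };
  copyBtn.addEventListener('click', async () => {
    await presenter.copy();
    copyBtn.textContent = 'Copied';
  });
  revealBtn.addEventListener('click', () => {
    if (presenter.isRevealed()) presenter.hide();
    else presenter.reveal();
    refresh();
  });
  const timer = setInterval(refresh, 1000); // lets the reveal timeout take effect
  container.append(output, copyBtn, revealBtn);
  refresh();

  // Teardown: stop the timer and drop the secret from the view model and the DOM.
  return () => {
    clearInterval(timer);
    presenter.clear();
    container.replaceChildren();
  };
}
```

Two caveats a practitioner would want alongside this: `navigator.clipboard.writeText` only works in a secure context and from a user gesture, so the copy must be triggered by the click handler itself; and JavaScript cannot scrub a string from memory, so `clear()` only removes the reference and lets the engine reclaim it. The fixed-width mask is deliberate: masking one bullet per character would still disclose the credential's length.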