How are saved passwords being secured in Thunder?

  • darklightxi@lemmy.worldM
    1·
    1 year ago

    Passwords are not directly stored on the device. Instead, a token (which allows you to perform actions as yourself) is saved onto a local database created by Thunder.

    When you log out of an account in Thunder, the associated token is also removed.

    For now, that’s the extent of it! However, in the future, I hope to add in database encryption which will also help with securing your credentials

    • ericjmorey@lemmy.worldOP
      1·
      1 year ago

      I’m sorry, but as someone not as familiar as I could be with authentication and authorization, I’m not sure I understand your description.

      When I submit my username and password via the Thunder App what is happens to that data when submitted?

    • ericjmorey@lemmy.worldOP
      1·
      1 year ago

      I’m sorry, but as someone not as familiar as I could be with authentication and authorization, I’m not sure I understand your description.

      When I submit my username and password via the Thunder App what is happens to that data when submitted?

      • darklightxi@lemmy.worldM
        2·
        1 year ago

        No worries! When you submit your username/password in Thunder, that information gets sent directly to the instance that you specified (e.g., lemmy.world)

        The instance then responds back with a success/error depending on whether the username/password combination was correct. When the instance sends back a response, they also send what is known as a token. This token is not your password, but is used as a way to perform actions on your behalf. That token is stored locally on your device so that your actual password is never stored!

        When you remove your account from Thunder, that token that was saved on your device also gets deleted.

        That’s the basics of how it works, hopefully that makes sense