How are saved passwords being secured in Thunder?
Passwords are not directly stored on the device. Instead, a token (which allows you to perform actions as yourself) is saved onto a local database created by Thunder.
When you log out of an account in Thunder, the associated token is also removed.
For now, that’s the extent of it! However, in the future, I hope to add in database encryption which will also help with securing your credentials
I’m sorry, but as someone not as familiar as I could be with authentication and authorization, I’m not sure I understand your description.
When I submit my username and password via the Thunder App what is happens to that data when submitted?
I’m sorry, but as someone not as familiar as I could be with authentication and authorization, I’m not sure I understand your description.
When I submit my username and password via the Thunder App what is happens to that data when submitted?
No worries! When you submit your username/password in Thunder, that information gets sent directly to the instance that you specified (e.g., lemmy.world)
The instance then responds back with a success/error depending on whether the username/password combination was correct. When the instance sends back a response, they also send what is known as a
token. This token is not your password, but is used as a way to perform actions on your behalf. Thattokenis stored locally on your device so that your actual password is never stored!When you remove your account from Thunder, that
tokenthat was saved on your device also gets deleted.That’s the basics of how it works, hopefully that makes sense