Apps are currently installed with the same password, and only some support changing the password.
These apps are exposed to the public internet. Brute forcing the password with a bot takes little to no effort. Not to mention the fact that for the apps where you can’t change the password, once the attacker gets in, you can’t stop them without redoing everything.
Having MFA support for the apps, just like you do for the Cloudboxes login, would make them much more secure.
PS: At the very least, being able to change passwords for ALL apps would go a long way.
Thanks for the report, i hope it gets voted more.
Meanwhile, do note that we offer the incognito mode per app upon installing, that if enabled, there is no web interface exposes publicly. To access the app’s interface you ll need to securerly connect with the free provided VPN (doesn’t count as an app running)
https://cloudboxes.io/assets/marketing/incognito_mode.jpg
*Incognito mode, allowing users to install an app without publicly exposing it’s web interface. In order to connect to web interface of the app, user needs to establish a secure VPN connection to his/her Cloudbox via the available options of Wireguard or OpenVPN.
This feature increases security to the level that it’s even viable to not having password protected web interfaces at all when combined with a dedicated IP.
In order to enable this Feature, you need to search for the available application you want to install, click options, Enable Incognito for the app, and click Install.*