• Xylight (Photon dev)@lemmy.xylight.dev
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    The client doesn’t store passwords at all, but the client does store your token in localStorage (it’s necessary so that we can make authenticated requests). The only way your account could get hacked is if they gain access to your browser and look through localStorage. If they have access to your computer, you have other problems though. If they do gain access, you can invalidate the JWT by changing your password.