Summary
as you already provide app password, a logical step would be to enforce the usage of the app passwords for all places, but the web ui
Motivation
Security, avoid passing around the real user password which can be used to manage the account
Additional context
No response