Login security - Server and tablet same details


I am not sure if I am missing something here but the web server and tablet login details are the same which means anyone who is using a tablet for data collection and knows the username and password can log into the server and access the forms/data.

Is there a way to either set different passwords for the tablets or restrict login to the server somehow.

I often have to email the login details for the tablets so that people working remotely can download form updates but i do not want them to be able to tamper with the forms and data on the server.

I appreciate any feedback on this. Thanks

Hi Rusti
It has been a long while.

Well this is a classical issue when you are using the same account for designing and managing the project as the account for data collection. As you have mentioned, yes that account could be accessed. I would however advice you do the following

  1. Create a different data collection account which will have it’s own username and password.
  2. Share the project with this account as explained in our approach towards sharing which is discussed here. Ensure you only accord it the permissions it needs
  3. Use this account in the tablets to collect the data

This should definately solve the issue you are facing.


1 Like

Hi Stephane,

Thanks again for the response, i will look into it and see if i can set it up.

I have not tried yet but would it be possible to email the QR code to scan to setup a new tablet, that way the password remains unseen, I am not sure if there is a way to view an already entered password in Kobo (or ODK). The tablet users would be able to access forms but would not know the PW so can not log into the server.

Tanks again for the help. The Apps and assistance from the community are extremely useful.


Hi Stephane,

Following the step above and the link you provided i get the error on the bottom left corner ‘User not found’

I have ticked "require authorization in my Admin account and registered a Data account which i am trying to link in the Project/Sharing settings. The Grant permissions remains ‘greyed out’

What am i missing / doing incorrectly?


There are two servers - one for humanitarian workers and one for everyone else. Your users need to be registered on the correct server and then you need to know their username. Enter the username and select the sharing options.

1 Like

Hi @Rusti,

Backing up with what @jblackman has suggested, i would like to share with you a forum discussion that would help you sort out the issue:


Thanks for the feedback, i think the problem was a delay in the initiation of the new account on the cloud server. I managed t get it working after a day or so.
Appreciate the help.


How was it fixed please? it is my question too. Is there any place of using QR code in kobotoolbox server for the username and password to be read in the ODK collect or kobocollect? or if there is any other options, please forward your suggestions. Thanks in advance.

1 Like

Welcome back to the community @kehabtimer! Would you mind explaining your issue in detail so that we could help you solve your issue.


KoBoToolbox at the moment does not support this feature. Maybe you could create a new feature request here is you wish to see in the upcoming days.

Thank you @Kal_Lam for the response. I need to know if there is any option of transferring server login details without showing the information (particularly the password) to the data collector such as using QR code or any other options. I am raising this for the data security issue i.e. I don’t want the data collector access all the data from the server.
Thank you in advance.

Unfortunately the option you are looking for is not available within the system. The only alternative is to create a data collector account and share the project with them only for data collection, with limited access.


1 Like

Hello @stephanealoo
In KoBoCollect local configuration, in Sandwich top menu and also in General Settings >> Admin Settings, there is a option “Configure via QR code”.
How does this work?
Also configuration information can be protected by Admin Password.
Kind regards

Hi @wroos
Yes definitely this would work but what happens when you scan the code of the app using a different QR code? Can one get the password, which in turn would not address the concern?