Plex Daydream VR is insecure.

plex-vr

#1

If the Plex VR app is linked to an account where the main plexpass user has a pin/password set, the pin/password will be ignored and the user will be automatically let in and given access to that user's libraries.

The TWO Plex UX rules that are missing are:
1. If a linked account has multiple users, Plex VR should prompt the user to choose the desired user.
2. If a selected user is configured with a pin/password, Plex VR should require the user to enter the correct password in order to access a user's libraries.

The Plex web-app and the Plex app for Roku are good examples to follow.


#2

+1 this happens on Android as well. Was looking for an answer on how to get this working, but looks like it is simply a bug.


#3

It's pretty ridiculous that the security on password enabled accounts is defaulted to in this fashion. Same with the normal client, the first time someone signs into a client they default to the admin account without password access so i cannot just allow family members to set you their own clients. The VR one is simply worse in that sense since user accounts aren't even supported.