diff --git a/Monal/Classes/ChangePassword.swift b/Monal/Classes/ChangePassword.swift index 9e8b3e4fc..0b097a645 100644 --- a/Monal/Classes/ChangePassword.swift +++ b/Monal/Classes/ChangePassword.swift @@ -6,6 +6,11 @@ // Copyright © 2024 monal-im.org. All rights reserved. // +class ChangePasswordDefaultsDB: ObservableObject { + @defaultsDB("Quicksy_autogeneratedPassword") + var autogeneratedPassword: Bool +} + struct ChangePassword: View { @Environment(\.dismiss) private var dismiss @@ -16,6 +21,7 @@ struct ChangePassword: View { @State private var alertPrompt = AlertPrompt(dismissLabel: Text("Close")) @StateObject private var overlay = LoadingOverlayState() + @ObservedObject var changePasswordDefaultsDB = ChangePasswordDefaultsDB() let accountID: NSNumber @@ -66,7 +72,7 @@ struct ChangePassword: View { Form { Section(header: Text("Enter your new password. Passwords may not be empty. They may also be governed by server or company policies.")) { #if IS_QUICKSY - if HelperTools.defaultsDB().bool(forKey: "autogeneratedPassword") { + if changePasswordDefaultsDB.autogeneratedPassword { TextField(NSLocalizedString("Current Password", comment: ""), text: $oldPass) .textInputAutocapitalization(.never) .autocorrectionDisabled() diff --git a/Monal/Classes/MLConstants.h b/Monal/Classes/MLConstants.h index 024aa1c94..41caaa355 100644 --- a/Monal/Classes/MLConstants.h +++ b/Monal/Classes/MLConstants.h @@ -46,6 +46,7 @@ static const DDLogLevel ddLogLevel = LOG_LEVEL_STDOUT; #endif #define kMonalKeychainName @"Monal" +#define kMonalTmpKeychainName @"Monal.tmp" //this is in seconds #if TARGET_OS_MACCATALYST diff --git a/Monal/Classes/MLIQProcessor.m b/Monal/Classes/MLIQProcessor.m index 0ece61df8..791c0ed6b 100644 --- a/Monal/Classes/MLIQProcessor.m +++ b/Monal/Classes/MLIQProcessor.m 
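Review bot: `changePasswordDefaultsDB` in the second `ChangePassword.swift` hunk is created inline but declared `@ObservedObject`, so the view does not own the instance and SwiftUI may build a new `ChangePasswordDefaultsDB` whenever the `ChangePassword` struct is re-initialised. The `overlay` property on the line above already uses the owning form. Suggest `@StateObject private var changePasswordDefaultsDB = ChangePasswordDefaultsDB()`, which also keeps the wrapper out of the struct's memberwise initialiser. The struct body continues outside the hunk.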
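Review bot: The condition in the third `ChangePassword.swift` hunk now reads `Quicksy_autogeneratedPassword`, but nothing in this diff carries over a value already stored under the old `autogeneratedPassword` key. On an upgraded install that still has an autogenerated password, the flag would presumably read as false and the `Current Password` field would no longer be shown. The same rename is made in `MLIQProcessor.m`, `Quicksy_RegisterAccount.swift` and `XMPPEdit.m`. If no migration exists elsewhere, a one-time copy of the old value at startup (then removing the old key) would preserve it. The key literal is now repeated in five places, so a shared constant would keep the Swift and Objective-C sides from drifting.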
@@ -737,10 +737,10 @@ +(BOOL) processRosterWithAccount:(xmpp*) account andIqNode:(XMPPIQ*) iqNode $$class_handler(handlePasswordChangeInvalidation, $$ID(xmpp*, account), $$ID(NSString*, uuid), $$ID(MLPromise*, promise)) NSString* jid = account.connectionProperties.identity.jid; DDLogError(@"Could not change the password of '%@'", jid); + [SAMKeychain deletePasswordForService:uuid account:jid]; NSString* errorMessage = [NSString stringWithFormat:NSLocalizedString(@"Could not change the password of '%@'. Please try again.", @""), jid]; NSError* error = [NSError errorWithDomain:@"Monal" code:0 userInfo:@{NSLocalizedDescriptionKey: errorMessage}]; [promise reject:error]; - [SAMKeychain deletePasswordForService:uuid account:jid]; $$ $$class_handler(handlePasswordChange, $$ID(XMPPIQ*, iqNode), $$ID(xmpp*, account), $$ID(NSString*, uuid), $$ID(MLPromise*, promise)) @@ -748,6 +748,7 @@ +(BOOL) processRosterWithAccount:(xmpp*) account andIqNode:(XMPPIQ*) iqNode if([iqNode check:@"/"]) { DDLogError(@"Changing the password of '%@' returned error: %@", jid, [iqNode findFirst:@"error"]); + [SAMKeychain deletePasswordForService:uuid account:jid]; NSString* errorMessage = [HelperTools extractXMPPError:iqNode withDescription:[NSString stringWithFormat:NSLocalizedString(@"Could not change the password of '%@'", @""), jid]]; NSError* error = [NSError errorWithDomain:@"Monal" code:0 userInfo:@{NSLocalizedDescriptionKey: errorMessage}]; [promise reject:error]; 
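Review bot: The cleanup added in `handlePasswordChangeInvalidation` still calls `deletePasswordForService:uuid account:jid`, while the `xmpp.m` hunk of this commit now writes the temporary item with `setPassword:newPass forService:kMonalTmpKeychainName account:uuid`. As far as this diff shows, the delete addresses an item that is never created, and the new password stays in the keychain under `Monal.tmp`. The same applies to the delete added in the error branch of `handlePasswordChange` (`@@ -748`) and to the `passwordForService:uuid account:jid` read and the delete in the success branch (`@@ -756`), where the read would come back nil. Suggested form in all three places: `[SAMKeychain deletePasswordForService:kMonalTmpKeychainName account:uuid];` and, for the read, `NSString* newPass = [SAMKeychain passwordForService:kMonalTmpKeychainName account:uuid];`.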
@@ -756,13 +757,14 @@ +(BOOL) processRosterWithAccount:(xmpp*) account andIqNode:(XMPPIQ*) iqNode { NSString* newPass = [SAMKeychain passwordForService:uuid account:jid]; [[MLXMPPManager sharedInstance] updatePassword:newPass forAccount: account.accountID]; + [SAMKeychain deletePasswordForService:uuid account:jid]; #if IS_QUICKSY - [[HelperTools defaultsDB] setBool:NO forKey:@"autogeneratedPassword"]; + [[HelperTools defaultsDB] setBool:NO forKey:@"Quicksy_autogeneratedPassword"]; #endif DDLogInfo(@"Successfully changed the password of '%@'", jid); [promise fulfill:nil]; } - [SAMKeychain deletePasswordForService:uuid account:jid]; + $$ $$class_handler(handleVersionResponse, $$ID(xmpp*, account), $$ID(XMPPIQ*, iqNode)) diff --git a/Monal/Classes/MLXMPPManager.m b/Monal/Classes/MLXMPPManager.m index 2563218ad..a4189e112 100644 --- a/Monal/Classes/MLXMPPManager.m +++ b/Monal/Classes/MLXMPPManager.m @@ -246,6 +246,8 @@ -(id) init _onMobile = NO; _isConnectBlocked = NO; + [SAMKeychain setAccessibilityType:kSecAttrAccessibleAfterFirstUnlock]; + [self defaultSettings]; [self setPushToken:nil]; //load push settings from defaultsDB (can be overwritten later on in mainapp, but *not* in appex) @@ -634,7 +636,6 @@ -(void) connectIfNecessary -(void) updatePassword:(NSString*) password forAccount:(NSNumber*) accountID { - [SAMKeychain setAccessibilityType:kSecAttrAccessibleAfterFirstUnlock]; [SAMKeychain setPassword:password forService:kMonalKeychainName account:accountID.stringValue]; xmpp* xmpp = [self getEnabledAccountForID:accountID]; [xmpp.connectionProperties.identity updatPassword:password]; @@ -779,7 +780,6 @@ -(void) addNewAccountToKeychainAndConnectWithPassword:(NSString*) password andAc { if(accountID != nil && password != nil) { - [SAMKeychain setAccessibilityType:kSecAttrAccessibleAfterFirstUnlock]; [SAMKeychain setPassword:password forService:kMonalKeychainName account:accountID.stringValue]; [self connectAccount:accountID]; } 
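Review bot: In the success branch of `handlePasswordChange`, `newPass` is handed to `updatePassword:forAccount:` without a nil check and the promise is fulfilled regardless, although the server has already accepted the change at this point. If the keychain read returns nothing, the locally stored credential would no longer match the server and the user would see no error. Guarding with `if(newPass == nil)` and rejecting the promise with a message that the new password could not be saved locally would surface that case. The handler starts outside the hunk.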
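Review bot: Setting the accessibility type once in `MLXMPPManager`'s `-init` makes every later `SAMKeychain` write depend on the manager having been initialised first. That dependency is not recorded anywhere now that the per-call lines are removed (`@@ -634`, `@@ -779`, and the `XMPPEdit.m` and `xmpp.m` hunks). A comment on the new line would state it, e.g. `//SAMKeychain keeps this as a process-wide setting, so it has to be set before the first keychain write`. The `-init` body starts and ends outside the hunk.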
diff --git a/Monal/Classes/Quicksy_RegisterAccount.swift b/Monal/Classes/Quicksy_RegisterAccount.swift index eb43de447..39dd3c044 100644 --- a/Monal/Classes/Quicksy_RegisterAccount.swift +++ b/Monal/Classes/Quicksy_RegisterAccount.swift @@ -49,6 +49,9 @@ class Quicksy_State: ObservableObject { @defaultsDB("Quicksy_country") var country: Quicksy_Country? + + @defaultsDB("Quicksy_autogeneratedPassword") + var autogeneratedPassword: Bool } struct Quicksy_RegisterAccount: View { @@ -110,7 +113,7 @@ struct Quicksy_RegisterAccount: View { startLoginTimeout() showLoadingOverlay(overlay, headline:NSLocalizedString("Logging in", comment: "")) self.errorObserverEnabled = true - HelperTools.defaultsDB().set(true, forKey: "autogeneratedPassword") + state.autogeneratedPassword = true //check if account is already configured and reset its password and its enabled and needs_password_migration states if let newAccountID = DataLayer.sharedInstance().accountID(forUser:number, andDomain:"quicksy.im") { self.newAccountID = newAccountID diff --git a/Monal/Classes/XMPPEdit.m b/Monal/Classes/XMPPEdit.m index 8888c2619..9121ba25a 100644 --- a/Monal/Classes/XMPPEdit.m +++ b/Monal/Classes/XMPPEdit.m @@ -361,7 +361,6 @@ -(IBAction) save:(id) sender if(accountID != nil) { self.accountID = accountID; - [SAMKeychain setAccessibilityType:kSecAttrAccessibleAfterFirstUnlock]; [SAMKeychain setPassword:self.password forService:kMonalKeychainName account:self.accountID.stringValue]; if(self.enabled) { @@ -411,7 +410,7 @@ -(IBAction) save:(id) sender [[MLXMPPManager sharedInstance] updatePassword:self.password forAccount:self.accountID]; #if IS_QUICKSY if (self.passwordChanged) - [[HelperTools defaultsDB] setBool:NO forKey:@"autogeneratedPassword"]; + [[HelperTools defaultsDB] setBool:NO forKey:@"Quicksy_autogeneratedPassword"]; #endif } if(self.enabled) 
@@ -644,7 +643,7 @@ -(UITableViewCell*) tableView:(UITableView*) tableView cellForRowAtIndexPath:(NS { case SettingsChangePasswordRow: { #ifdef IS_QUICKSY - if([[HelperTools defaultsDB] boolForKey:@"autogeneratedPassword"]) + if([[HelperTools defaultsDB] boolForKey:@"Quicksy_autogeneratedPassword"]) [thecell initTapCell:NSLocalizedString(@"Change/View Password", @"")]; else [thecell initTapCell:NSLocalizedString(@"Change Password", @"")]; diff --git a/Monal/Classes/xmpp.m b/Monal/Classes/xmpp.m index 7e26cafdf..0a569b4ef 100644 --- a/Monal/Classes/xmpp.m +++ b/Monal/Classes/xmpp.m @@ -4643,11 +4643,9 @@ -(AnyPromise*) changePassword:(NSString*) newPass [iqNode changePasswordForUser:self.connectionProperties.identity.user newPassword:newPass]; //temporarily store the new password in the keychain. - //this way, we don't store the password in the db if the app is put - //in the background while awaiting the iq result. + //this way, we don't store the password in the db when serializing the handler NSString* uuid = [[NSUUID UUID] UUIDString]; - [SAMKeychain setAccessibilityType:kSecAttrAccessibleAfterFirstUnlock]; - [SAMKeychain setPassword:newPass forService:uuid account:self.connectionProperties.identity.jid]; + [SAMKeychain setPassword:newPass forService:kMonalTmpKeychainName account:uuid]; [self sendIq:iqNode withHandler:$newHandlerWithInvalidation(MLIQProcessor, handlePasswordChange,handlePasswordChangeInvalidation, $ID(uuid), $ID(promise))]; return [promise toAnyPromise];
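Review bot: In the `xmpp.m` hunk the result of `setPassword:forService:account:` is discarded, so if the temporary write fails the IQ is still sent and the result handler has nothing to read back once the server confirms the change. Checking the returned BOOL before `sendIq:` avoids changing the password on the server without being able to persist it locally, e.g. `if(![SAMKeychain setPassword:newPass forService:kMonalTmpKeychainName account:uuid])` followed by rejecting the promise and returning early. `changePassword:` starts outside the hunk.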