diff --git a/apps/files_external/js/settings.js b/apps/files_external/js/settings.js
index db77fe4dfc18b..f94d443419ec2 100644
--- a/apps/files_external/js/settings.js
+++ b/apps/files_external/js/settings.js
@@ -1457,30 +1457,37 @@ window.addEventListener('DOMContentLoaded', function() {
 		}
 	});
 
-	$('#global_credentials').on('submit', function() {
-		var $form = $(this);
+	function _submitCredentials(success) {
 		var uid = $form.find('[name=uid]').val();
 		var user = $form.find('[name=username]').val();
 		var password = $form.find('[name=password]').val();
-		var $submit = $form.find('[type=submit]');
-		$submit.val(t('files_external', 'Saving …'));
 		$.ajax({
 			type: 'POST',
 			contentType: 'application/json',
 			data: JSON.stringify({
-					uid: uid,
-					user: user,
-				password: password
+				uid,
+				user,
+				password,
 			}),
 				url: OC.generateUrl('apps/files_external/globalcredentials'),
 				dataType: 'json',
-			success: function() {
+				success,
+		});
+	}
+
+	$('#global_credentials').on('submit', function() {
+		var $form = $(this);
+		var $submit = $form.find('[type=submit]');
+		$submit.val(t('files_external', 'Saving …'));
+
+		window.OC.PasswordConfirmation
+			.requirePasswordConfirmation(() => _submitCredentials(function() {
 				$submit.val(t('files_external', 'Saved'));
 				setTimeout(function(){
 					$submit.val(t('files_external', 'Save'));
 				}, 2500);
-			}
-		});
+			}));
+
 		return false;
 	});
 
diff --git a/apps/files_external/lib/Controller/AjaxController.php b/apps/files_external/lib/Controller/AjaxController.php
index 7491eb846d450..aff72e1d02511 100644
--- a/apps/files_external/lib/Controller/AjaxController.php
+++ b/apps/files_external/lib/Controller/AjaxController.php
@@ -31,6 +31,8 @@
 use OCA\Files_External\Lib\Auth\Password\GlobalAuth;
 use OCA\Files_External\Lib\Auth\PublicKey\RSA;
 use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired;
 use OCP\AppFramework\Http\JSONResponse;
 use OCP\IGroupManager;
 use OCP\IRequest;
@@ -97,13 +99,13 @@ public function getSshKeys($keyLength = 1024) {
 	}
 
 	/**
-	 * @NoAdminRequired
-	 *
 	 * @param string $uid
 	 * @param string $user
 	 * @param string $password
 	 * @return bool
 	 */
+	#[NoAdminRequired]
+	#[PasswordConfirmationRequired]
 	public function saveGlobalCredentials($uid, $user, $password) {
 		$currentUser = $this->userSession->getUser();
 		if ($currentUser === null) {