Temporary app password only seems to be valid for a few minutes on dev server

The app password still is present on the "Security" page but only yields a 401 error when used in basic auth after a few minutes. Not reproducible locally. Locally in the docker container the app passwords works until it is removed after one day.