
How to enable two-factor authentication on Nextcloud 10

If you're running a Nextcloud 10 server and worrying about security, follow these steps to set up two-factor authentication and add an extra layer of protection for your users' data.


The time has come to enable two-factor authentication on every possible service you use or host. If you're not using two-factor authentication, you run the risk of getting hacked...it's that simple.

What is two-factor authentication?

You log into a service with your usual credentials, and then you're required to enter an authentication code to access your account. Those authentication codes are generated by mobile apps such as Authy or Google Authenticator. Without that code, you cannot get in.

The need for higher security is why the developers of Nextcloud made sure to include an app for two-factor authentication in the latest beta release of Nextcloud 10. You must be running Nextcloud 10 for this to work; if you meet that requirement, you can enable two-factor authentication by following the steps below.

SEE: Nextcloud 10 beta includes two-factor authentication security (ZDNet)

Enable the app

The first thing you have to do is enable the two-factor app. Because the app is experimental, you have to start by enabling access to the available experimental apps. That setting is somewhat hidden; here's how to find it.

  1. Log in to Nextcloud 10.
  2. Click the Apps drop-down in the upper left corner and click Apps.
  3. Click the gear in the lower left corner.
  4. Click to Enable Experimental Apps (Figure A).
  5. Click the Apps drop-down and click Apps.
  6. Click Tools in the left navigation and scroll down until you see TOTP Two Factor—click the Enable button associated with this app (Figure B). Two-factor authentication will be enabled for your Nextcloud 10 server.

Figure A: Enabling the Experimental Apps in Nextcloud 10. (Image: Jack Wallen)

Figure B: With a single click, two-factor authentication will be enabled. (Image: Jack Wallen)

How users enable two-factor authentication

Here's the tricky part: Once you've enabled the app, you still have to enable two-factor authentication for each user. This is done by the user—not the administrator.

  1. Log in as a Nextcloud user.
  2. Click the User drop-down in the upper right corner.
  3. Click Personal.
  4. Select TOTP Second-factor auth in the left navigation.
  5. Click the check box for Enable TOTP.
  6. Open your mobile two-factor app.
  7. Walk through the process of adding a new account (this will vary, depending upon which app you use).
  8. Using your two-factor mobile app, scan the barcode presented by Nextcloud.

Now log out of Nextcloud and log back in. You'll have to click the Authenticate with a TOTP app button and then enter the code (Figure C) from your mobile app.

Figure C: Logging into Nextcloud with two-factor authentication. (Image: Jack Wallen)
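
What the barcode scan and the code entry above amount to, as an added example that is not part of the original article or Nextcloud's own code: it assumes the barcode carries a standard otpauth:// URI and that the app uses the RFC 6238 defaults (HMAC-SHA1, 30-second steps, six digits). The URI, account name and secret are constructed, and the function names are illustrative.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, urlparse

# Constructed sample: the kind of URI a TOTP enrollment barcode encodes.
# Account name, issuer and secret are made up for this example.
SAMPLE_URI = ("otpauth://totp/Nextcloud:alice?"
              "secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Nextcloud")


def secret_from_uri(uri):
    """Return the base32 shared secret from an otpauth://totp/ URI."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP provisioning URI")
    return parse_qs(parsed.query)["secret"][0]


def code_for_counter(secret_b32, counter, digits=6):
    """HOTP (RFC 4226) value for one time-step counter, HMAC-SHA1."""
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret_b32, at=None, step=30):
    """Code the phone app displays at Unix time `at` (default: now)."""
    now = time.time() if at is None else at
    return code_for_counter(secret_b32, int(now) // step)


def verify(secret_b32, code, at=None, step=30, window=1, last_counter=-1):
    """Server-side check. Returns the matched counter, or None.

    Accepts +/- `window` steps of clock drift and refuses any counter at or
    below `last_counter`, so a code cannot be replayed after it is used.
    """
    now = int(time.time() if at is None else at) // step
    for counter in range(now - window, now + window + 1):
        if counter < 0 or counter <= last_counter:
            continue
        expected = code_for_counter(secret_b32, counter)
        if hmac.compare_digest(expected.encode(), code.encode()):
            return counter
    return None
```

The phone and the server never exchange the code in advance; both derive it from the shared secret and the clock, which is why a badly skewed clock on either side causes valid-looking codes to be rejected.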

Make two-factor authentication the default

On every service you use—whether it's for social networking, shopping, cloud, etc.—you should have two-factor authentication enabled.

Bravo to the Nextcloud developers for making this setup so easy that anyone can add a second layer of security to their company's cloud service. Consider this a must-have the second you upgrade Nextcloud to version 10.


About Jack Wallen

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website jackwallen.com.
