If you're running a Nextcloud 10 server and worrying about security, follow these steps to set up two-factor authentication and add an extra layer of protection for your users' data.
The time has come to enable two-factor authentication on every possible service you use or host. If you're not using two-factor authentication, you run the risk of getting hacked...it's that simple.
What is two-factor authentication?
You log into a service with your usual credentials, and then you're required to enter an authentication code to access your account. Those authentication codes are generated by mobile apps such as Authy or the Google Authenticator. Without that code, you cannot get in.
The need for higher security is why the developers of Nextcloud made sure to include an app for two-factor authentication in the latest beta release of 10. You must be running Nextcloud 10 for this to work; if you meet that requirement, you can enable two-factor authentication on Nextcloud 10.
Enable the app
The first thing you have to do is enable the two-factor app. Because the app is experimental, you have to start by enabling access to the available experimental apps. That setting is somewhat hidden--here's how to find it.
- Log in to Nextcloud 10.
- Click the Apps drop-down in the upper left corner and click Apps.
- Click the gear in the lower left corner.
- Click to Enable Experimental Apps (Figure A).
- Click the Apps drop-down and click Apps.
- Click Tools in the left navigation and scroll down until you see TOTP Two Factor--click the Enable button associated with this app (Figure B). Two-factor authentication will be enabled for your Nextcloud 10 server.
Figure A: Enabling the Experimental Apps in Nextcloud 10.
Figure B: With a single click, two-factor authentication will be enabled.
How users enable two-factor authentication
Here's the tricky part: Once you've enabled the app, you still have to enable two-factor authentication for each user. This is done by the user--not the administrator.
- Log in as a Nextcloud user.
- Click the User drop-down in the upper right corner.
- Click Personal.
- Select TOTP Second-factor auth in the left navigation.
- Click the check box for Enable TOTP.
- Open your mobile two-factor app.
- Walk through the process of adding a new account (this will vary, depending upon which app you use).
- Using your two-factor mobile app, scan the barcode presented by Nextcloud.
Now log out of Nextcloud and log back in. You'll have to click the Authenticate with a TOTP app button and then enter the code (Figure C) from your mobile app.
Figure C: Logging into Nextcloud with two-factor authentication.
Make two-factor authentication the default
On every service you use--whether it's for social networking, shopping, cloud, etc.--you should have two-factor authentication enabled.
Bravo to the Nextcloud developers for making this setup so easy that anyone can add a second layer of security to their company's cloud service. Consider this a must-have the second you upgrade Nextcloud to version 10.