Setting a strict password policy on Nextcloud could prevent your users' accounts from getting hacked. Find out how.
Nextcloud is one of the most flexible, user-friendly, and cost-effective on-premises cloud server solutions you'll find. Once it's up and running, you'll discover there's not much this platform can't do. However, there are a few things you should take care of as soon as you have Nextcloud running.
One such task you should immediately handle is the setting of password policies. Fortunately, Nextcloud has this feature built right in, so there's no need to add a third-party application or even bother with a manual configuration.
Why do this?
This question shouldn't have to be asked. But on the off-chance you are either unsure or you have to convince someone, it's simple: If left to their own devices, users will opt to go with passwords like password, password123, 12345, etc. That is far from secure and should never be allowed. That's why you want to enable password policies any chance you can.
With that said, I'm going to walk you through the process of enabling and configuring a password policy for Nextcloud.
What you'll need
The only things you'll need for this process are:
- A running instance of Nextcloud
- Credentials for a Nextcloud admin user
How to enable the Password Policy
Log into your Nextcloud instance as an admin user. Click on your profile image in the upper right corner and then click Settings (Figure A).
In the resulting window, click Security in the left navigation (Figure B).
Scroll down to the Password Policy entry (Figure C).
Make sure that Forbid Common Passwords is enabled--that should be considered an absolute must. I would also suggest enabling the following (at a minimum):
- Enforce Upper And Lower Case Characters
- Enforce Numeric Characters
If you're serious about the security of your Nextcloud cloud server, I would suggest enabling each option in the Password Policy section. Yes, it might cause a bit of frustration with your users, but it will certainly add a much-needed boost to the security of your Nextcloud instance.
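The options above can also be verified from the server's command line, which is useful for confirming the policy after an upgrade or on several instances. The script below is an added example, not part of the original article: it reads the three options named above through Nextcloud's occ tool, using the password_policy app's config keys. The occ invocation (user and path) and the --run switch are assumptions to adjust for your install.

```shell
#!/bin/sh
# Added example: audit the three Password Policy options named in the article.
# Assumption: OCC is how occ is invoked on this server; adjust user and path.
OCC="${OCC:-sudo -u www-data php /var/www/nextcloud/occ}"

# Print the stored value of one password_policy key, or "unset" when occ
# fails (typically because the key was never written and the app default applies).
policy_value() {
    $OCC config:app:get password_policy "$1" 2>/dev/null || echo "unset"
}

# Report each option and return the number that are not confirmed enabled.
audit_password_policy() {
    not_confirmed=0
    for key in enforceNonCommonPassword enforceUpperLowerCase enforceNumericCharacters; do
        value=$(policy_value "$key")
        case "$value" in
            1)     echo "OK      $key is enabled" ;;
            unset) echo "REVIEW  $key is not stored; check it in Settings > Security"
                   not_confirmed=$((not_confirmed + 1)) ;;
            *)     echo "WEAK    $key=$value; enable it in Settings > Security"
                   not_confirmed=$((not_confirmed + 1)) ;;
        esac
    done
    return "$not_confirmed"
}

# Only query the real server when asked to: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_password_policy
fi
```

A non-zero exit status is the count of options that could not be confirmed as enabled, so the script can gate a deployment check or a cron alert.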
This is a big one, so pay attention. If you already have users on your Nextcloud instance, and you change the password policy configuration, those old user passwords will still work. In other words, the new password policy will only apply to new users. Because of this, you have two choices:
- Make sure to set the password policy as soon as you deploy Nextcloud.
- After setting the password policy, make sure you send word out to current users to manually update their passwords according to the policy.
Here are the steps for users to change their passwords:
- Click the profile image in the upper right corner.
- Click Settings.
- Click Security in the sidebar.
- Under Password (Figure D), type and verify the new password (that conforms to the new policy).
- Click Change Password.
Hopefully, once all of your legacy users have changed their passwords to conform with the new rules, everyone on the system will enjoy a much more protected account on your Nextcloud server.