2FA for clients

Setup

The installation I host runs the latest production stable NC in combination with the latest clients (Win, iOS & Android).

Use Case

I’m granting my users the privilege of an easy password, because they (have to) use 2FA (TOTP). From my perspective this should minimize security risks with maximum comfort.

But recently I discovered that clients don’t support 2FA. The implementation of 2FA for first logon to a client (afterwards you’ll have an app token) would align security standards.

Your comments are more than welcome!
:wink:

1 Like

The app tokens are usually more complex than “normal” passwords. On a desktop client, I see that it can be interesting to use; on a mobile client already a bit less, because you need compatible hardware (and still different hardware, because if it is just an app on the same device, it’s not really a second, independent factor).

Not sure, the second factor should be a real second factor. If the password is too trivial, the second factor becomes your real “password”.