I have recently installed and enabled the two-step authentication security feature via email. Does anyone know if there is a way to activate this feature by default for all users, both new and existing, without them having to do it themselves?
I know that in the security settings, I can enable the two-step authentication feature, but I don’t know which method is activated by default (TOTP or email), and I’m afraid of enabling it and leaving users without access.
It’s not really that difficult. You should create detailed instructions with screenshots for your users. Perhaps you can also carry out the changeover together, e.g. in a meeting.
I don’t use 2FA for my private Nextcloud, by the way. I don’t use 2FA for email either.
To be honest, the data in a Nextcloud is no more important than the data in your email inbox. It’s funny that email inboxes tend not to be secured with 2FA. Maybe it’s because email is 40 years old and the cloud is still considered new. Do you allow web access to email without 2FA or is access only possible via a desktop client such as Outlook? If web access to email is possible without 2FA, then change this too or do without 2FA for Nextcloud. Not that the users end up finding email great and Nextcloud stupid.
I understand and share the reasoning behind using the TOTP system, don’t get me wrong. It’s just that I have users who struggle with technology, and I wanted to make the two-step authentication activation as simple as possible for them. And yes, my intention is to prepare a tutorial with screenshots to make the process as smooth as possible for them.
If I understood correctly from the manuals, once I activate this system, any user who hasn’t enabled and configured TOTP won’t be able to access their account. In that case, can I disable the feature for a specific user so they can log in and set up their account correctly, then re-enable the system for them afterward?
Once again, thank you very much for your help and quick responses.
I am testing the TOTP system and have encountered an unexpected issue. After enabling it, the calendars I had set up on my mobile device via DAVx⁵ stopped working, and I don’t know how to reconnect them.
From what I’ve understood in the documentation I found, I need to use the passwords generated in my security section (backup codes). Is that correct?
I do not use it. But I think you must use an app name / app password. You find it at the bottom of the page https://cloud.server.tld/index.php/settings/user/security. Strictly speaking, this is an exception to 2FA and therefore a new security risk, but then only for this function.
On my mail server that I administer, there is double authentication on the mailboxes with the management interface, and for Outlook and the rest this is done with tokens… So saying that there is no double authentication on the mailboxes is false.
Hi
I discussed this by email with the developer of the application. The project is developed in his free time, which is why the update arrived late. He is looking for other developers who can help him with this project. To do this, just go to the GitHub project. I think it will be maintained in the future because, contrary to other opinions, I find this app very useful for people who are not comfortable with TOTP. My knowledge as a developer being limited, I will help him by making spontaneous donations… It’s another way to participate in the development.