Dont use 2FA from local LAN or specified networks

Hi there,

is there a way to not use 2FA from local network or specified IP addresses?
I like to just use normal login from e.g. local lan (or specified external IP addresses), but will have 2FA enabled from outside from all other places.
I’m using nc 20.0.5

I think it’s not possible. I know especially when you setup new system and login multiple times, using different users, for testing and so on… 2FA might be annoying but this usually not the case for daily operations… In general 2FA is not as disturbing as it seems to - once you whitelist your NC domain and your browser keeps the session cookie you remain logged in for ages… and if you get new device it’s not hard to follow 2FA login once (per app) - and I bet you appreciate this extra security layer as well…

Ok, thanks for the answer. It’s not annoying…maybe more laziness on my part :wink:

Hi @newbie75

I found manually entering the TOTP code every time I wanted to login kind of annoying. Then at some point I ordered two YubiKeys and set up U2F. Now entering the second factor is just one button press on the YubyKey. Of course this has the disadvantage that if you don’t have your YubiKey with you, then you can’t log in. But since I mainly need Nextcloud as a backend for the Android app and for syncing my calendar when I’m on the road, that’s not really an issue. And if you always have the second YubiKey on your keychain, it’s a non-issue anyways.

1 Like

Can you please elaborate. Whitelist how/where? Which domain, local server domain? Thanks

in your browser. successful authentication results in some cookies placed on the system. this cookies allow yo you to access Nextcloud (or any other service) within cookie lifetime.

You should familiarize yourself with some very basic concepts of web application before you start hosting somewhat complex software like Nextcloud…