Feature Request: 2FA auth for updating apps

So I have 2FA enabled with the Authn device thing (the security key) and when I go to apps → updates to update my apps, when I press “update all” it asks for the password.

It would be nice to have the option to use the security key to re-authenticate to update the apps, instead of having to type a password.

1 Like

You can use webauthn hardware tokens to only use hardware tokens. No passwords.

You’ll have to file this issue to the relevant github repository, but the real answer is you’ll need to code it yourself and submit as a Pull Request.

There are many kinds of 2fa, so it’ll be up to you if you want to implement it a certain way, plus two factor is not required but wholly optional.

fwiw, my question is… why would someone have access to your admin account to begin with?
Consider that nothing is stopping you from distributing out administrative access to your cloud:

  • creating an admin user that is not your normal user.
  • Adding Two Factor to both users.
  • Do not set up recovery codes for your admin.
  • Receive only admin notifications to your normal user. No actual ability to access the appstore. You can set this up with group restrictions which you add the relevants user accounts to.
  • Now you have no need to normally login as full admin, however an attacker might accomplish that, and even if they access your normal user they can no longer install apps.

If you are that worried about local threats accessing your Nextcloud through your logged in device you might want to consider full disk encryption.