I am wondering if there is any existing feature in Nextcloud that’s similar to Personal Vault in OneDrive, where you need to authenticate again every time you access that folder and the files in there are hidden until you have authenticated again.
Could you please elaborate on what you are trying to achieve, or why you need such a feature? By default, each user only has access to his/her own files and folders, but each user can already create password-protected shares.
If your goal is to protect the data from the server operator, the data must already be encrypted before it gets uploaded, otherwise you can never be a 100% sure that no one can gain access to it.
I think you want to protect normal files only with a password on web browser login.
And for a special folder you would like e.g. 2FA in addition.
That would be a cool feature but I think it is not possible.
With my description above you cannot protect yourself from a server administrator.
But from keyloggers and malware attackers and others who know your password.
An additional authentication with the same password does not improve the security.
What I am trying to do is a folder to store more sensitive files. For example: to access this folder, you will be required to authenticate again and every x minutes thereafter, preferably via 2FA/token etc. When you use the Nextcloud Desktop Client, that folder is never synced to your hard drive. It only shows up after the 2nd layer of authentication.
The goal of this vault is not to prevent the server admin from seeing the file. This feature is to balance the convenience of access to regular files and enhanced security for some critical files.
Ah ok. I’m afraid that’s not possible. But you could maybe open a feature request on GitHub…
What you could do to increase security in this regard, is to limit the cookie lifetime so that you generally have to log in more often. I am aware that this is not exactly what you wanted, but I thought I’d mention it anyway…
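For readers who want to try the suggestion above, this is a sketch of the relevant keys in Nextcloud's `config/config.php`. It is an added example, not part of the original post; the key names are Nextcloud system config options, while the 15-minute value is an assumption chosen for illustration. These settings apply to the whole instance, not to a single folder.

```php
<?php
// Constructed fragment: merge these keys into the existing $CONFIG array
// in config/config.php; all other settings stay as they are.
$CONFIG = array (
  // Idle session lifetime in seconds (stock default: 60*60*24).
  // 15 minutes is an illustrative value, not a recommendation from the thread.
  'session_lifetime' => 60 * 15,

  // Stop the web UI from sending heartbeats that keep an open tab
  // logged in indefinitely (stock default: true).
  'session_keepalive' => false,

  // Lifetime of the "remember me" cookie in seconds
  // (stock default: 60*60*24*15). 0 disables remember-me.
  'remember_login_cookie_lifetime' => 0,

  // Log the browser session out after session_lifetime even when
  // keepalive is enabled (stock default: false).
  'auto_logout' => true,
);
```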
Yeah, currently I’ll just 2FA everything and maybe require more frequent login. If NC allowed you to apply a different policy to certain folders, that would be a plus.
If you use only a password for the first access, then there is no real security advantage in a second access with 2FA.
Same if first access is without 2FA and only with password.
You can use end-to-end, and yes, you cannot use the web interface. So to protect the files also from the administrator you cannot allow server-side mechanisms like server-side encryption or 2FA.
It would be cool to protect some folders with 2FA. You can create an issue.
For real protection you must use end-to-end encryption.
I do see some benefits of protecting some files with 2FA but not all. It’s a balancing act of convenience and security. You first have to determine how important those files are if accessed by an unauthorized person. Then it will be files I care about (goes to 2FA and short session timer) and files I don’t care about (password only, remember my login by default).