we’re planning to introduce 2FA for our nextcloud instance.
Testings on browsers are fine, however, is it possible to enforce it for client programs (desktop or mobile clients) as well?
If some password is really stolen, 2FA can be easily bypassed installing client program.
Obviously 2FA means a client can’t log in with just the password. They have to pass the second factor challenge as well
Just set up a client. You’ll see that it goes through a web login flow and you’ll have to use your configured 2FA methods to be able to get the client connected.
Thanks a lot for a quick answer. This makes sense, I’ll test this out.
It works properly, upon client’s program login, user is redirected on browser where second factor authentication must be provided.