MFA for nextcloud desktop or mobile clients

we’re planning to introduce 2FA for our nextcloud instance.
Testings on browsers are fine, however, is it possible to enforce it for client programs (desktop or mobile clients) as well?
If some password is really stolen, 2FA can be easily bypassed installing client program.
Thanks, best,

Obviously 2FA means a client can’t log in with just the password. They have to pass the second factor challenge as well :see_no_evil:

Just set up a client. You’ll see that it goes through a web login flow and you’ll have to use your configured 2FA methods to be able to get the client connected.

1 Like

Thanks a lot for a quick answer. This makes sense, I’ll test this out.

1 Like

It works properly, upon client’s program login, user is redirected on browser where second factor authentication must be provided.
All fine.