Hello,
we’re planning to introduce 2FA for our nextcloud instance.
Testings on browsers are fine, however, is it possible to enforce it for client programs (desktop or mobile clients) as well?
If some password is really stolen, 2FA can be easily bypassed installing client program.
Thanks, best,
Franko
Obviously 2FA means a client can’t log in with just the password. They have to pass the second factor challenge as well 
Just set up a client. You’ll see that it goes through a web login flow and you’ll have to use your configured 2FA methods to be able to get the client connected.
1 Like
Thanks a lot for a quick answer. This makes sense, I’ll test this out.
Regards,
1 Like
It works properly, upon client’s program login, user is redirected on browser where second factor authentication must be provided.
All fine.