Is it possible for nextcloud to have a login option which is by scanning a QR code?
Let’s say we have the nextcloud app installed on our phone and logged in, and when we are outside using a public computer, we just scan the QR code on the login page using the app installed on our phone.
So we don’t need to type our password in public.
Maybe we can create a QR code that calls for the login information stored on our phone? Or we can go super fancy with tokens and stuff?
This is what I am interested in having:
Also check out the review done by bravenewcoin.com:
did you had a look at the app Two Factor TOTP Provider?
You could have a look also at the page about security in Nextcloud
There was some initial planning, the milestone was moved to NC 12:
Well, the link you shared is for Android/IOS App login via QR code, which would be nice as well, for example a QR code in the “personal” page allowing people to login would be great.
What I am proposing for though, is login to web interface via phone app scanning a QR code displayed on the web interface login page, like this: https://wx.qq.com/?lang=en_US
The Two Factor TOTP Provider is good, but I think it will be better if we can just scan a QR code and login, without entering any login information in the browser, and since you are scanning it with your phone, you already have the two factor verification.
Sorry, that I did get this wrong. So it’s actually that we do our own two-factor authentication within the Nextcloud app.
Or if you can integrate an exsiting one into the Nextcloud app, that would be awesome, too.
Because I think users might want to login using public computers, in my case, I might log in using a school computer. In that case, I don’t want to type in my login information, because there might be key-tracking software planted by other students, you never know.
And no need to say sorry bro. You guys are awesome.
The the current 2FA authentication should help. U2F-device, Google authenticator or other TOTP provider.
I personally won’t consider U2F-device because it requires additional device that I will most certainly forget to bring with me, I have tried TOTP but it’s basically still entering password through keyboard, if the person enters the same code before the app refreshes, then s/he will gain access.
The design I proposed will completely eliminate the need of people to enter any thing in the login page, which I think is the safest option.
There is a bug report to eliminate this problem: https://github.com/nextcloud/twofactor_totp/issues/100
At least for now I think I can live with that.
Though I still hope to eliminate the need of typing login info in the future.
Having the option to login with SQRL in Nextcloud would be great.
Also, of course, for this forum.
+1 for SQRL
This would secure against keystroke-logging, server-in-the-middle, DNS spoofing and other side-channel type attacks.
+1 for SQRL
Using this message to bump this thread a bit