"Second factor configuration" warning after updating to 32.0.6

Hello. I run a clean installation with previously no errors or warnings. I just updated to 32.0.6 and now receive the following warning…

Second factor configuration

This instance has no second factor provider available.

… The strange thing is that if I go to Logging, that warning is not present. To eliminate that it might be a stale warning I logged into my instance from a browser that has never had contact with my NextCloud instance and I get the same behaviour.

I have added the line below to my config, but that made no difference.

`'twofactor_enforced' => 'false',`

Are we being forced to move towards 2FA soon - I thought it was optional. If it is still optional, how do I suppress this new warning?

Thanks!

1 Like

Hey @Milster See here:
https://github.com/nextcloud/server/pull/57854
and

Thank you @scubamuc - clearly an intended change as it is sound security practice. But as for my question on

this does not seem to be mentioned in the GitHub developer notes. I went ahead and enabled the app “Two-Factor TOTP Provider”; so now I am down to an info-level message in my log saying that…
“Second factor configuration

Second factor providers are available but two-factor authentication is not enforced.”

If I had to guess, I’d say it’s because there’s no option to turn off or hide the messages, and if there were some kind of “hidden” switch in the code to do so, someone familiar with the Nextcloud codebase should be able to find it, but I doubt there actually is one, tbh.

So I’d say, at least for now, your only options are to follow the recommendations in the message and enforce 2FA or to ignore the message. After all, it’s just an informational message that doesn’t affect functionality.

1 Like

Thanks @bb77
Agree. I’ve done just that. Enforced 2FA for admins and let users off the hook for now.

I have my ✅ back. 🙂

2 Likes

There is no hidden switch. If you are backing up your full life into Nextcloud it should be considered to use 2FA. Enabling any 2FA app removes that warning and brings an info to remind admins when it’s not enforced. That is exactly the intention. Secure your private life!

3 Likes

I’m exclusively using SSO to log in (of course with 2FA enforced), so this is a useless warning. 🤨

2 Likes

And there is absolutely no account on your Nextcloud, not even some admin fallback account that has a password set and therefore would still be accessible via /login?direct=1? 😉

Then it also doesn’t hurt to simply enable and enforce a 2FA app to remove the warning.
