Two Factor Authentication in Nextcloud

In Nextcloud, there is the option to set up Two Factor Authentication. We will focus on TOTP, which are time-based codes that expire every 30 seconds. The steps you have to follow are the following:

Getting Started

1. Admin User Install TOTP app on Nextcloud under $URL/settings/apps/security
2. Users may now Enable TOTP under $URL/settings/user/security, under TOTP second-factor auth section.
   • Your QR code will show up once. Do not lose it!
3. Install a Two Factor tool on your mobile device or computer for the QR Code.
   • andOTP - Android app from F-droid & Google Playstore
   • Keepass - available for KeepassDX from F-Droid & Google Play for Android, iOS, Windows, Linux, MacOS

andOTP for Two Factor

4. Scan the QR code that is shown in step 2 with andOTP.
5. andOTP and Nextcloud are merged and now every 30 seconds a new TOTP password is generated.

Now when you log in you will be prompted, in a second step, to type a TOTP password. Type the password shown in the andOTP app.

LoginFlow

Nextcloud supports LoginFlow, which means you can allow access using your mobile or desktop or web app, which you’ve already authorized in order to authorize other accounts and devices on the same machine.

App Passwords (if you cannot use LoginFlow for some reason)

You may add App Passwords to generate a password for every app that needs access to your Nextcloud account.
Example: Nextcloud Desktop / Mobile Client, DavDroid app, Notes App (Mobile), etc.

To add an App Password do the following.

1. Navigate to Personal settings, under Settings section (here you will see every application that has access to your Nextcloud Account). Scroll until you find App passwords.
2. Fill in the box that says App name with the application’s name that you want to use (use a name that is convenient and it is distinguished from other apps).
3. An Application Password is now generated and displayed in a gray box. Type this password (and the your username) on the application you want to use. After you log in hit Done.

Note: After you type Done, the password will never be revealed again. You may want to use a password manager to save this password, or create a new App Password every time you loose a password

Two factor authentication with Telegram

How to in NC admin doc

About the Author

This article was worked on by @ZendaiOwl and @just. Thank you so much for all you do! You may write your own articles by joining our wiki and documentation team on the forum.

2 posts were merged into an existing topic: About moving the articles