Two-factor authentication, several devices

Hi all,

I am fascinated about nextcloud, so first of all a big thank you.
I just activated the 2FA, with my main android phone. And of course created a backup codes.

Is there a way, to register several devices, i.e. my Ipad with an OTP app, to have a backup option, if the phones crashes / gets stolen + of course it would be way more convenient to register at least a second device which you might have sitting next to you.

Thanks!

Sure.
Install FreeOTP on your Android/iOS devices.
And while the QR pic is on the screen scan it with every device…

Thanks for your fast reponse :slight_smile: I will try it and let you know

Thank you very much for your hint. I scanned the QR Code with my relevant devices and it works fine now :slight_smile:
btw. do you know if I have to generate new backup codes each time I turned off & on the QR code?
Best regards

Backup codes are another independent form of 2FA.
No need to re-run it regardless of other 2FA used…

@reittier Just remember that if you add another 2FA device, you’ll need to redo all of them. If you need to get around that, you can physically print the TOTP QR code and store it in a secure place to be scanned again later. But only do that if it’s really necessary; it’s more secure to not save the QR code and just reconfigure the devices if needed.

Also have a look at the two-factor admin app. It allows you to generate a one-time code from the server’s command prompt in case a person loses their 2FA device.

Can you elaborate on this?
What are all of them?

All devices providing TOTP 2FA codes for the given account. This is what you just did, right?

So say I have a phone and a tablet set up to generate codes for my account, and I decide I want my codes on my wife’s phone too. I have to turn off 2FA, get a new QR code, invalidating Authenticator codes that were already set up for my account, and then redo all of them with the new QR code.

I was just mentioning in case you did save the QR code. If you regenerate your 2FA, that QR is no longer valid.

Your sentence can be interpreted as:
If you add another 2FA device (e.g. U2F Yubikey) all of them (others, TOTP, for example) need to be redone.

What is not the case…

If you remove the context, sure, you can misinterpret just about anything… I was speaking to the OP specifically in response to his chosen 2FA method across multiple devices.

I’d expect the number of people employing multiple code-based 2FA methods, discounting backup codes and admin support, to be pretty low.

thank you guys for your very fast and helpful information, it worked fine for me :slight_smile:
@KarlF12 indeed that would have been my next question, if i need to redo all of them with a newly created code for new devices. thanks :slight_smile: