IT in Education

Improving the security of your Nextcloud account

nextcloudUsing Two-Factor authentication greatly improves the security of your account. With Two-Factor authentication, you not only need to know your username and password, but you will also need access to your mobile phone. This article describes how to implement Two-Factor TOTP, but there are alternatives including Two-factor via nextcloud notification which allows you to use any logged in device as the second factor.

Mobile phone app

Start by installing the free TOTPAuthentication app for your mobile device.

  1. Open the App Store on your iPhone.
  2. Search for TOTP Authenticator.
  3. Install the TOTP Authenticator app.

Nextcloud app

Start by logging on to your cloud instance with an admin user account.

  1. Click your Avatar > Apps.
  2. Search for Two-Factor TOTP Provider.
  3. Install and enable this featured app.

Using Two-Factor Authentication

Now you can log on with the user account that you want to protect.

  1. Click your Avatar > Settings.
  2. Click Security in the left pane.
  3. Click the checkbox to Enable TOTP.
  4. Open the app on your mobile phone.
  5. Click the plus button on the app to add a new account.
  6. Use the Scan option and point your mobile phone camera at the QR code presented on the screen.
  7. This will create a new account on the mobile phone app.
  8. Enter a code presented in the app into the Authentication code field, and click Verify.

Your user account is now protected with Two-Factor Authentication. You will need to enter the mobile phone app code, every time you log on to Nextcloud. Now that you've created an account on the phone app, you might like to make edits to it, like adding your own icon.

Backup codes

A very important step is to create backup codes that can be used if your mobile phone is lost or stolen.

  1. Click your Avatar > Settings.
  2. Click Security in the left pane.
  3. Click the Generate backup codes button.

This will create a list of 10 backup codes. I recommend that you print off a copy of this list, test the first backup code, and keep the list in a safe place.

Thanks for visiting,