Setup 2FA on your Nextcloud server
You'll need to have completed the first tutorial in this series before completing this guide:
In this post, we'll show you how to add 2FA (2-Factor Authentication) onto your Nextcloud server; adding an essential, increased layer of security for your files.
Download and enable the TOTP app
Login to your Nextcloud with your admin account, then head over to the Apps section:
Then select Security from the menu on the left, and search for TOTP. Select download and enable:
Download TOTP Authenticator from the app store
Setup TOTP with your account
Back in your Nextcloud server, head over to Settings -> Security Tick Enable TOTP:
This will then create a QR code, which you will need to scan using the TOTP Authenticator app that you downloaded to your mobile device. Please also note the TOTP secret that is generated. Please save this somewhere safe, as if you lose your 2FA device, you can use this Secret to add to a new device:
Now open the TOTP Authenticator app on your mobile device and click the + button to add a new account, then select Scan. This will activate the camera on your device, so that you can scan the QR code on your Nextcloud screen:
Now that your account has been added, you can verify that it works by typing in the regenerating 6-digit code into the Verify box on your Nextcloud server:
You have now successfully setup 2FA for the account that you are logged into. It is strongly recommended that you also generate backup codes, which can be used in the event that you don't have your 2FA device available. You will be provided with 10 codes, each expiring after one use. Keep these somewhere safe:
Logout of your Nextcloud account, and log back in. After entering your username and password, you should be then prompted with the following, where you will need to enter the regenerating code from the Authenticator app.:
Each user will need to follow the above steps from here, for each of your Nextcloud users. Remembering to save the 2FA Secret as well as the Backup codes, for each user.