2020-04-02 00:00:00

Security: 2fa, authentication, credentials, login, nextcloud, notification, otp, passcode, sign in, totp, two-factor

Nextcloud secure login options explained, and how to configure an easy login

The Nextcloud open source software package has plenty of options for securing the data it stores, and for providing secure mechanisms for accessing the cloud services it provides. If a Nextcloud server is accessible on the public internet, the first thing to do is to secure login to the server so that outsiders really have a hard time if they try to hack in. This article explains the secure login options Nextcloud provides, and shows how to install and use one of them: a remarkably easy login mechanism that relies on Nextcloud Notifications.

Recently, a blog post on Nextcloud.com offered a detailed explanation of all the ways secure user login can be configured for a Nextcloud server. The pleasant surprise in the blog post was that I discovered secure login methods I wasn't even aware of.
Here is a brief introduction to each secure login option before I recommend which ones you might want to try.

A) Two-factor authentication using a time-based one-time password, often abbreviated as OTP or TOTP. This is generally regarded as a secure mechanism that can be used with many systems in addition to Nextcloud (read more about practical ways to use OTP here). OTP requires users to type multiple passcodes, and setting it up requires some effort.

B) Second authentication via Nextcloud Notification. This is a smart and easy way to log in to a Nextcloud server. In addition to ordinary login credentials, Nextcloud's Notification system is used as a lightweight second-factor authentication method. I will show you how to configure this.

C) Text message, Telegram, Signal or another secure messaging app as a transport mechanism for the second authentication layer. This is relatively easy to use and to set up, but text messaging in particular isn't the strongest secure communication method.

D) Passcode via email. An additional passcode is sent to the user via email. Easy to set up and use. If the entire end-to-end email system is secure, this can be a secure method.

E) Dedicated hardware. Small USB key-like products, such as Yubikey or Nitrokey, can provide very secure two-factor authentication. This requires purchasing additional hardware, setting it up, and always carrying the hardware product along.

F) Backup code. A Nextcloud server can create passcodes that are valid only once. These codes can be used as an authentication mechanism, but primarily they are meant for rescuing a user who has lost other means to log in. If you activate two-factor authentication, backup codes are an essential survival method, for instance, if you lose the phone you use for authentication.

nextcloud notification login approval window on phone

Individuals and organizations that already have an OTP two-factor authentication system (option A) in place and are used to it should feel comfortable using the technology with Nextcloud servers as well.

Nextcloud admins and organizations that are starting their journey with two-factor authentication should appreciate the easy and user-friendly Notification authentication feature.

How does the Nextcloud Notification authentication work?

The reason I think Nextcloud Notifications is a smart way to securely log in to a cloud server is that it cleverly uses a service that is already built in to the system.

Let's say you want to log in to Nextcloud from your work computer. You enter your user name and password. Then, Nextcloud waits for you to approve the login attempt on another device. You probably have your phone somewhere nearby. Pick it up and you will see a notification from Nextcloud asking if it is all right to let someone at a specific IP address in. Just push a button on your phone to approve or reject the attempt. Done.

This is so damn easy that there must be some downsides to it. The first is that you must be logged in to your Nextcloud account on your phone (or on any other device that can access Nextcloud) when the approval notification arrives. The second is that the approval notification pops up on all devices and computers that are logged in to your Nextcloud account. Still, Notifications is good enough, and much better than relying solely on standard user name-password authentication.
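The flow and the two downsides described above can be modelled in a few lines. This is an added illustration, not code from the original article or from Nextcloud; the class name, the 120-second request lifetime and the one-answer-per-attempt rule are assumptions made for the sketch.

```python
import secrets
import time


class NotificationSecondFactor:
    """Simplified model of approve-on-another-device login (not Nextcloud's code)."""

    TTL = 120  # assumed lifetime of an approval request, in seconds

    def __init__(self, passwords):
        self.passwords = passwords  # user -> password (plaintext only in this toy)
        self.sessions = {}          # session token -> user, i.e. logged-in devices
        self.pending = {}           # attempt id -> details of the waiting login

    def start_login(self, user, password, ip, now=None):
        """First factor. Returns (status, attempt_id, sessions_notified)."""
        now = time.time() if now is None else now
        stored = self.passwords.get(user)
        if stored is None or not secrets.compare_digest(stored.encode(), password.encode()):
            return "denied", None, []
        notified = [tok for tok, owner in self.sessions.items() if owner == user]
        if not notified:
            # Downside 1: nothing is logged in to approve on; a backup code is needed.
            return "no_device", None, []
        attempt = secrets.token_urlsafe(8)
        self.pending[attempt] = {"user": user, "ip": ip, "expires": now + self.TTL}
        # Downside 2: the prompt (with the source IP) reaches every logged-in device.
        return "pending", attempt, notified

    def respond(self, session_token, attempt, approve, now=None):
        """Second factor, sent from a logged-in device. Returns a new session or None."""
        now = time.time() if now is None else now
        request = self.pending.get(attempt)
        if request is None or self.sessions.get(session_token) != request["user"]:
            return None  # unknown attempt, or the approver is not this user
        del self.pending[attempt]  # one answer per attempt, approve or reject
        if not approve or now > request["expires"]:
            return None
        new_session = secrets.token_urlsafe(16)
        self.sessions[new_session] = request["user"]
        return new_session
```

The "no_device" result is the situation in which the backup codes from option F are the only way back in.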

Configuring Nextcloud Notifications to provide simple two-factor authentication

nextcloud notification 2fa app in admin panel

1) Install the Notification Authentication app on the server. You can find it in the admin panel at: Apps - Security - Two-Factor Authentication via Nextcloud Notification.

2) Enable the app. Go to: Settings - Personal - Security. On the page, select Enable Notifications.

nextcloud notification authentication activation

3) Create backup codes. On the same page as in the previous step, push the button: Generate backup codes. The codes will be listed on the page. If you have a password manager app, copy the codes into the app, or print the codes, or find another safe place for them (one that you can also access when away from your current location).

4) Ensure you are logged in to your Nextcloud account on one or two other devices. On a mobile device, ensure your login is active on a browser as well.

5) To test that it works: log out from Nextcloud on your primary computer. Log back in. The Nextcloud Notification screen waits for your approval, which you have to give on another device.

notification in browser asks for login approval (nextcloud)

6) Pick up your phone or another device that is logged in, view the Notification, and push the Approve button. Now you are logged in to the server on your primary computer.

We didn't have time to study why the Nextcloud Notification app on Android didn't work for secure login. Nextcloud app versions 3.10.1 and 3.11.0 on two Android devices correctly displayed the approval notification, but then froze. Nonetheless, mobile web browser notifications worked fine for secure login authentication.
