2020-04-02 00:00:00


Nextcloud secure login options explained, and how to configure an easy login

The Nextcloud open source software package has plenty of options for securing the data it stores and for providing secure mechanisms for accessing the cloud services it provides. If a Nextcloud server is accessible on the public internet, the first thing to do is to secure login to the server so that outsiders have a really hard time if they try to hack in. This article explains the secure login options Nextcloud provides, and shows how to install and use one of them: a remarkably easy login mechanism that relies on Nextcloud Notifications.

Recently, a blog post on Nextcloud.com offered a detailed explanation of all the ways to configure secure user login for a Nextcloud server. The pleasant surprise in the blog post was that I discovered secure login methods I wasn't even aware of.
Here is a brief introduction to each secure login option before I recommend which ones you might want to try.

A) Two-factor authentication using a time-based one-time password, often abbreviated as OTP or TOTP. This is generally regarded as a secure mechanism that can be used with many systems in addition to Nextcloud (read more about practical ways to use OTP here). OTP requires users to type multiple passcodes, and setting it up requires an effort.

B) Second authentication via Nextcloud Notification. This is a smart and easy way to log in to a Nextcloud server. In addition to ordinary login credentials, Nextcloud's Notification system is used as a lightweight second-factor authentication method. I will show you how to configure this.

C) Text message, Telegram, Signal or another secure messaging app as a transport mechanism for the second authentication layer. This is relatively easy to use and to set up, but text messages in particular aren't the strongest secure communication method.

D) Passcode via email. An additional passcode is sent to the user via email. Easy to set up and use. If the entire end-to-end email system is secure, this can be a secure method.

E) Dedicated hardware. Small USB key-like products, such as Yubikey or Nitrokey, can provide very secure two-factor authentication. This requires purchasing additional hardware, setting it up, and always carrying the hardware product along.

F) Backup code. The Nextcloud server can create passcodes that are valid only once. These codes can be used as an authentication mechanism, but primarily they are meant for rescuing a user who has lost other means to log in. If you activate two-factor authentication, backup codes are an essential survival method, for instance, if you lose the phone you use for authentication.

nextcloud notification login approval window on phone

Individuals and organizations that already have an OTP two-factor authentication system (option A) in place and are used to it should feel comfortable using the technology with Nextcloud servers as well.

Nextcloud admins and organizations that are starting their journey with two-factor authentication should appreciate the easy and user-friendly Notification authentication feature.

How does the Nextcloud Notification authentication work?

The reason I think Nextcloud Notifications is a smart way to securely log in to a cloud server is that it cleverly uses a service that is already built into the system.

Let's say you want to log in to Nextcloud from your work computer. You enter your user name and password. Then, Nextcloud waits for you to approve the login attempt on another device. You probably have your phone somewhere nearby. Pick it up and you will see a notification from Nextcloud asking if it is all right to let someone at a specific IP address in. Just push a button on your phone to approve or reject the attempt. Done.

This is so damn easy that there must be some downsides to it. The first is that you must be logged in to your Nextcloud account on your phone (or on any other device that can access Nextcloud) when the approval notification arrives. The second is that the approval notification pops up on all devices and computers that are logged in to your Nextcloud account. Still, Notifications is good enough, and much better than relying solely on standard user name and password authentication.

Configuring Nextcloud Notifications to provide simple two-factor authentication

nextcloud notification 2fa app in admin panel

1) Install the Notification Authentication app on the server. You can find it in the admin panel at: Apps - Security - Two-Factor Authentication via Nextcloud Notification.

2) Enable the app. Go to: Settings - Personal - Security. On the page, select Enable Notifications.

nextcloud notification authentication activation

3) Create backup codes. On the same page as in the previous step, push the button: Generate backup codes. The codes will be listed on the page. If you have a password manager app, copy the codes into the app, or print the codes, or find another safe place for them (one that you can also access when away from your current location).

4) Ensure you are logged in to your Nextcloud account on one or two other devices. On a mobile device, ensure your login is active in a browser as well.

5) To test that it works: log out from Nextcloud on your primary computer. Log back in. The Nextcloud Notification screen waits for your approval, which you have to give on another device.

notification in browser asks for login approval (nextcloud)

6) Pick up your phone or another device that is logged in, view the Notification, and push the Approve button. Now you are logged in to the server on your primary computer.
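
For admins who prefer the command line, the following is an added example (not from the original article or the Nextcloud project) that performs step 1 with Nextcloud's `occ` tool and then audits which users still lack the notification provider or the backup codes from step 3. The install path, the web server user, the provider ids and the text layout of `occ twofactor:state` are assumptions; compare them with the output on your own server.

```shell
# Added example, not from the article. Assumed: install path, web user, and
# the text layout of `occ twofactor:state` (verify on your own server).
NC_DIR="${NC_DIR:-/var/www/nextcloud}"        # assumed install path
NC_USER="${NC_USER:-www-data}"                # assumed web server user
APP_ID="twofactor_nextcloud_notification"     # app id of the notification 2FA app
REQUIRED="${REQUIRED:-$APP_ID backup_codes}"  # provider ids (assumed) each user needs

# Run an occ command as the web server user.
occ() { sudo -u "$NC_USER" php "$NC_DIR/occ" "$@"; }

# Step 1 from the command line: install the app, or enable it if already present.
install_notification_2fa() {
    if occ app:list | grep -q "$APP_ID"; then
        occ app:enable "$APP_ID"
    else
        occ app:install "$APP_ID"
    fi
}

# Print the ids listed under "Enabled providers:" for one user.
enabled_providers() {
    occ twofactor:state "$1" | awk '
        /^Enabled providers:/  { on = 1; next }
        /^Disabled providers:/ { on = 0 }
        on && /^- /            { print $2 }'
}

# Print the required providers a user has NOT enabled (empty output = ready).
missing_providers() {
    have=$(enabled_providers "$1")
    for p in $REQUIRED; do
        printf '%s\n' "$have" | grep -qx "$p" || printf '%s\n' "$p"
    done
}

# Report each given user who is still password-only or has no backup codes.
audit_users() {
    rc=0
    for uid in "$@"; do
        miss=$(missing_providers "$uid" | tr '\n' ' ')
        [ -z "$miss" ] || { echo "$uid: missing ${miss% }"; rc=1; }
    done
    return $rc
}
# Usage: install_notification_2fa && audit_users alice bob
```

A user reported as missing `backup_codes` has no fallback if the device used for approvals is lost, which is the situation step 3 is meant to prevent.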

We didn't have time to study why the Nextcloud Notification app on Android didn't work for secure login. Nextcloud app versions 3.10.1 and 3.11.0 on two Android devices correctly displayed the approval notification, but then froze. Nonetheless, mobile web browser notifications worked fine for secure login authentication.
