Two factor authentication

Nextcloud supports a number of 2FA (Two Factor Authentication) methods. There are supported through activating additional App. The main ones are:
  • Two-Factor TOTP Provider [Featured]
  • Two-Factor U2F [Featured]
  • Two-Factor Authentication via Nextcloud notification
  • Two Factor e-mail provider
  • Two-Factor Webauthn

There are a number of other Two Factor Authentication related Apps. Please refer to https://apps.nextcloud.com/categories/security


Note: Enabling 2FA for login will require you to generate App password for other access clients that do not support 2FA login to your Nextcloud account.


In this guide, only “Two-Factor TOTP Provider” is documented.

When “Two-Factor TOTP Provider” is installed and enabled by your Nextcloud administrator, you will see the following in your Security setting.



Note: Enabling 2FA for login will require you to generate App password for other access clients that do not support 2FA login to your Nextcloud account.


Before activating 2FA, it is advisable to generate backup codes and keep it for emergency use such as if you temporary lose access to you 2FA device.



Enabling TOTP will generate the TOTP secret and corresponding QR code on screen. Typically you would use a suitable TOTP based 2FA mobile app to scan the QR code and activating it. Any TOTP based 2FA mobile app such as Google Authenticator, Microsoft Authenticator, Authy, FreeOTP Authenticator, Authenticator Plus, LastPass, and many more are supported.


After scanning in the QR code, your preferred 2FA authentication app should provide you with a 6 digit code that you can key in to complete the verification process.



After activating TOTP 2FA authentication, your next login on browser will require you to key in a 6 digit code generated by your authentication app as the second factor.



Note: Enabling 2FA for login will require you to generate App password for other access clients that do not support 2FA login to your Nextcloud account.