You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, I just activated 2FA for my owncloud instance and it works just as expected (using Google Authenticator app).
I set up several app-specific passwords which also work fine. So I guess I have to thank you for the great work.
But I do have one little worry: What happens if I lose / destroy my phone so I cannot access the registered TOTP app anymore?
One thing is for sure: I cannot log in regularly via web interface to owncloud anymore. And probably I cannot change the login-system to "regular" from the owncloud app.
Is there a security fallback for such a case? Google provides a list of "backup-codes" which would work in such a case. So you have to know the username/password combination PLUS have such a backup code (which invalidates itself after one-time usage).
I would love to see such a fallback for emergency cases.
The text was updated successfully, but these errors were encountered:
Good point. We've thought about that too, so we added backup codes to Nextcloud. See nextcloud/server#1171 for implementation details. This will be available soon as part of Nextcloud 11 🚀
Hi, I just activated 2FA for my owncloud instance and it works just as expected (using Google Authenticator app).
I set up several app-specific passwords which also work fine. So I guess I have to thank you for the great work.
But I do have one little worry: What happens if I lose / destroy my phone so I cannot access the registered TOTP app anymore?
One thing is for sure: I cannot log in regularly via web interface to owncloud anymore. And probably I cannot change the login-system to "regular" from the owncloud app.
Is there a security fallback for such a case? Google provides a list of "backup-codes" which would work in such a case. So you have to know the username/password combination PLUS have such a backup code (which invalidates itself after one-time usage).
I would love to see such a fallback for emergency cases.
The text was updated successfully, but these errors were encountered: