What if I lose my phone?

[UDZGuru]

Hi, I just activated 2FA for my owncloud instance and it works just as expected (using Google Authenticator app).

I set up several app-specific passwords which also work fine. So I guess I have to thank you for the great work.

But I do have one little worry: What happens if I lose / destroy my phone so I cannot access the registered TOTP app anymore?

One thing is for sure: I cannot log in regularly via web interface to owncloud anymore. And probably I cannot change the login-system to "regular" from the owncloud app.

Is there a security fallback for such a case? Google provides a list of "backup-codes" which would work in such a case. So you have to know the username/password combination PLUS have such a backup code (which invalidates itself after one-time usage).

I would love to see such a fallback for emergency cases.

[ChristophWurst]

Good point. We've thought about that too, so we added backup codes to Nextcloud. See nextcloud/server#1171 for implementation details. This will be available soon as part of Nextcloud 11 🚀

[ChristophWurst]

FYI: since Nextcloud will soon have its own app store, I will no longer maintain this app for ownCloud.