Nextcloud 2FA (TOTP)

nextcloud-square-logoNextcloud 11 provides a new Two Factor TOTP Provider app (2FA) that makes your Nextcloud even more secure. We will assist you in term you aren’t familiar with 2FA (second factor) yet. At the end of this blog you find the previous (Nextcloud 10 with 2FA) procedure either.

Let’s start: First login to your Nextcloud as a Nextcloud administrator, switch to the App panel and select Authentification & authorization:

Then enable the Two Factor TOTP Provider app and wait few seconds for downloading and enabling this app:

After few seconds the app will be activated and the button will change to deactivate. Now change to Nextcloud’s personal page and select “TOTP second-factor auth” in the left panel. Check the small box in the right area below “TOTP second-factor auth”:

Check the box and your 2FA barcode will appear. Please first scan this barcode with your mobile device app and second store your TOTP-key e.g. in KeePass:


If you want to have Second factor backup codes (e.g. you lost your mobil device) please generate backup codes and print or save them.

Now, we are already finished! Logout and login to your Nextcloud as Administrator again:

You will be prompted to enter your second factor:


Enter the second factor and proceed with the login. You will be forwarded to your Nextcloud as in the past.

For troubleshooting or maintenance reasons you can temporarily disable and enable the 2Fa app using Nextcloud’s command line. To disable the app temporarily change to your Nextcloud installation path and execute the following command:

sudo -s
cd /var/www/nextcloud
sudo -u www-data php occ twofactorauth:disable <administrator>


Please substitute <administrator> to your Nextcloud Administrator.

To re-enable the app just use enable instead of disable:

sudo -s
cd /var/www/nextcloud
sudo -u www-data php occ twofactorauth:enable administrator


Please substitute <administrator> to your Nextcloud Administrator.

While disabling or enabling the TOTP app all the codes remain the same!

For other applications like Thunderbird, Roundcube … you may have to create separate Nextcloud App-PINs if OTP is enabled. Change to the Personal panel in Nextcloud and create your App-Pin(‘s):

In the 3rd party applications you have to choose the App-PIN(‘s) instead of your personal user password.

Nextcloud 10 with 2FA
  1. enable the experimental apps
    &copy; 2016, rieger::CLOUD
  2. enable the TOTP app
  3. scan the barcode with e.g. Google Authenticator app
  4. logon to Nextcloud using your second factor
  5. patch the LoginController.php
  6. logon to Nextcloud using your second factor again

Enjoy your secured Nextcloud!