Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Nextcloud
  3. Nextcloud 2FA and App Passwords

Nextcloud 2FA and App Passwords

Scheduled Pinned Locked Moved Solved Nextcloud
nextcloudapp passwords
9 Posts 4 Posters 4.5k Views 4 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • christiaanC Offline
      christiaanC Offline
      christiaan
      wrote on last edited by girish
      #1

      I want to turn on 2FA in Nextcloud using the TOTP app.

      I understand you need to generate separate 'app passwords' for all the devices/apps that need access.

      But do you have to create a password for every single app or device? Or can you just create one 'app password' and use that for, example, your iPhone and Mac calendar, contacts and file sync**?

      ** Do you actually need to use an 'app password' for desktop file sync or will that continue to work as normal, having been verified via web browser granting permission already?

      murgeroM 1 Reply Last reply
      0
      • nebulonN Offline
        nebulonN Offline
        nebulon
        Staff
        wrote on last edited by
        #2

        This is probably more a question to be asked with Nextcloud upstream project itself. But given these are app passwords, I would expect that each client/device needs its own.

        1 Reply Last reply
        1
        • christiaanC Offline
          christiaanC Offline
          christiaan
          wrote on last edited by
          #3

          Yeah, sorry, sometimes I'm not sure whether to post here or on Nextcloud because I'm not sure if there are some Cloudron-specific implications to think about or not.

          I found the comment below on Nextcloud forum. It sounds like you can create just one password for all devices/apps, but it's not intended to work that way. Although it seems to me you don't lose much functionality compared to the convenience? If a password is compromised you replace it and update all your devices/apps. The main password is still safe and protected by 2FA.

          https://help.nextcloud.com/t/app-password-not-working-as-expected/28744

          The idea behind this is:

          • the user creates one app password for each app
          • uses a different password for each app
          • (optional) uses a different app password for the same app on a different device
          • can see in Nextcloud GUI which “app” (or device) logged in last
            • can discover compromised passwords due to unexpected login behavior
            • can revoke the compromised password and set a new one, without the need to change the “normal” password for your account (security gain)
          1 Reply Last reply
          0
          • christiaanC christiaan

            I want to turn on 2FA in Nextcloud using the TOTP app.

            I understand you need to generate separate 'app passwords' for all the devices/apps that need access.

            But do you have to create a password for every single app or device? Or can you just create one 'app password' and use that for, example, your iPhone and Mac calendar, contacts and file sync**?

            ** Do you actually need to use an 'app password' for desktop file sync or will that continue to work as normal, having been verified via web browser granting permission already?

            murgeroM Offline
            murgeroM Offline
            murgero
            App Dev
            wrote on last edited by
            #4

            @christiaan said in Nextcloud 2FA and App Passwords:

            I understand you need to generate separate 'app passwords' for all the devices/apps that need access.

            This is incorrect (maybe except for the PC version??) all you need is to open the nextcloud app on android or ios (if that's what you are using) then login normally, it will ask for 2FA so switch apps, copy number, switch back and paste it. Then allow the app to use your nextcloud account. Then use the app to sync contacts and such (or use a third party tool)

            --
            https://urgero.org
            ~ Professional Nerd. Freelance Programmer. ~

            marioM christiaanC 2 Replies Last reply
            1
            • murgeroM murgero

              @christiaan said in Nextcloud 2FA and App Passwords:

              I understand you need to generate separate 'app passwords' for all the devices/apps that need access.

              This is incorrect (maybe except for the PC version??) all you need is to open the nextcloud app on android or ios (if that's what you are using) then login normally, it will ask for 2FA so switch apps, copy number, switch back and paste it. Then allow the app to use your nextcloud account. Then use the app to sync contacts and such (or use a third party tool)

              marioM Offline
              marioM Offline
              mario
              App Dev
              wrote on last edited by
              #5

              What the mobile apps do is:

              • you enter username password
              • you enter 2FA, if needed

              The server generates the app password and passes it to the application which then uses it.

              So in most cases, there should be no need to generate one yourself.

              1 Reply Last reply
              2
              • murgeroM murgero

                @christiaan said in Nextcloud 2FA and App Passwords:

                I understand you need to generate separate 'app passwords' for all the devices/apps that need access.

                This is incorrect (maybe except for the PC version??) all you need is to open the nextcloud app on android or ios (if that's what you are using) then login normally, it will ask for 2FA so switch apps, copy number, switch back and paste it. Then allow the app to use your nextcloud account. Then use the app to sync contacts and such (or use a third party tool)

                christiaanC Offline
                christiaanC Offline
                christiaan
                wrote on last edited by christiaan
                #6

                @murgero said in Nextcloud 2FA and App Passwords:

                @christiaan said in Nextcloud 2FA and App Passwords:

                I understand you need to generate separate 'app passwords' for all the devices/apps that need access.

                This is incorrect (maybe except for the PC version??) all you need is to open the nextcloud app on android or ios (if that's what you are using) then login normally, it will ask for 2FA so switch apps, copy number, switch back and paste it. Then allow the app to use your nextcloud account. Then use the app to sync contacts and such (or use a third party tool)

                Okay great, I see, but this is just for mobile app/file sync right? For calendar and contacts sync I will need to generate app passwords if 2FA is on?

                marioM murgeroM 2 Replies Last reply
                0
                • christiaanC christiaan

                  @murgero said in Nextcloud 2FA and App Passwords:

                  @christiaan said in Nextcloud 2FA and App Passwords:

                  I understand you need to generate separate 'app passwords' for all the devices/apps that need access.

                  This is incorrect (maybe except for the PC version??) all you need is to open the nextcloud app on android or ios (if that's what you are using) then login normally, it will ask for 2FA so switch apps, copy number, switch back and paste it. Then allow the app to use your nextcloud account. Then use the app to sync contacts and such (or use a third party tool)

                  Okay great, I see, but this is just for mobile app/file sync right? For calendar and contacts sync I will need to generate app passwords if 2FA is on?

                  marioM Offline
                  marioM Offline
                  mario
                  App Dev
                  wrote on last edited by
                  #7

                  @christiaan Davx5 also supports this kind of login. For apps that do not support it we indeed do recommend for you to generate app passwords yourself. (there are various advantages to app passwords, like remote wipe if the app supports it).

                  1 Reply Last reply
                  0
                  • christiaanC christiaan

                    @murgero said in Nextcloud 2FA and App Passwords:

                    @christiaan said in Nextcloud 2FA and App Passwords:

                    I understand you need to generate separate 'app passwords' for all the devices/apps that need access.

                    This is incorrect (maybe except for the PC version??) all you need is to open the nextcloud app on android or ios (if that's what you are using) then login normally, it will ask for 2FA so switch apps, copy number, switch back and paste it. Then allow the app to use your nextcloud account. Then use the app to sync contacts and such (or use a third party tool)

                    Okay great, I see, but this is just for mobile app/file sync right? For calendar and contacts sync I will need to generate app passwords if 2FA is on?

                    murgeroM Offline
                    murgeroM Offline
                    murgero
                    App Dev
                    wrote on last edited by
                    #8

                    @christiaan If the contact sync is android, the Nextcloud app can handle this for you as well - I use it. I've never had to generate app passwords myself. Always just let my mobile app do it.

                    --
                    https://urgero.org
                    ~ Professional Nerd. Freelance Programmer. ~

                    1 Reply Last reply
                    0
                    • christiaanC Offline
                      christiaanC Offline
                      christiaan
                      wrote on last edited by
                      #9

                      All iPhones and Macs at our end.

                      1 Reply Last reply
                      0
                      Reply
                      • Reply as topic
                      Log in to reply
                      • Oldest to Newest
                      • Newest to Oldest
                      • Most Votes


                        • Login

                        • Don't have an account? Register

                        • Login or register to search.
                        • First post
                          Last post
                        0
                        • Categories
                        • Recent
                        • Tags
                        • Popular
                        • Bookmarks
                        • Search