The question is why @sightbeagle wants to add basic authentication. The interesting thing is, that you can defend the application on the layer of the webserver.
privacyIDEA uses oC’s 2FA framework, i.e. an attacker would already be at the ownCloud code.
Nevertheless, you can assign any kind of authentication device to the users - smartphone apps, yubikeys, U2F and also… …simple passwords - adding a 2nd password or a site password or group password to the originial oC credentials of the user. Also - this does not interfere with the download links.
Kind regards
Cornelius