I wanted to add basic auth because if there was ever a bug in ownCloud that compromised the login page, it would act as a protection against that. However, I don’t know the intricacies of how the ownCloud login works, so my thinking is very possibly flawed. I like the idea of 2FA, but I was unable to find an easy to understand “how to” guide to get this setup. I settled on using an alternate https port and setting up Fail2Ban to block failed login attempts.