How to enable simple Two Factor Authentication

help
9.1.x

#1

I have the latest stable version of OC 9.1.0, went through manual update in order to enjoy Two Factor Authentication because I read that from 9.1.0 2FA will be available.

This is how I updated
0. Previous OC was 9.0.4
1. removed all files and folder in OC directory except "data" and "config" folder
2. upload all files and folders except "config"
3. then through terminal

php occ upgrade

didn't found any option to enable 2FA, went through internet a little and added the following two lines to config.php

'session_keepalive' => true,
'token_auth_enforced' => true,

still can't find out how to enable 2FA.

Under Personal Settings I can see Sessions and App Passwords but how am I supposed to turn on 2FA?
I want simple 2FA, either with Email or through Google Authentication app, How do I do that?


#2

I haven't tried it myself. 2FA is enabled when you enable a 2FA app, e.g.
https://apps.owncloud.com/content/show.php/TOTP+TwoFactor+%28Google+Authenticator%29?content=174726
https://github.com/owncloud/twofactor_email
https://github.com/ChristophWurst/twofactor_sms

There are some more details on the developer's blog:
http://blog.wuc.me/2016/05/30/adding-two-factor-auth-to-owncloud.html


#3

I tested this yesterday using selecting the Google Authenticator app but generating the code with 1Password.

Works exactly as expected, although the issue I'm going to have using this is that both the desktop client and calendar sync won't work with 2FA switched on, so of little use without changes to these.

Not actually sure how you'd get around that though?


#4

You need to create app passwords for those. see https://yourcloud.com/index.php/settings/personal#apppasswords


#5

Thanks! That works a treat!!


#6

I've been using this for a week or so now, and it's excellent!

All the clients connecting using App Specific passwords and users logging in through the Web UI with simple passwords and Google Authentication.

Great work and everything feels much more secure!


#7

I'm back, and can report this has continued to work great for file sync and web access in 9.1.1

Quick question though - should it work for syncing calenders too? And can you use the same app-specific password you might use for the file sync client for a calendar app?


#8

I was about to do this too with my OC v10.
That is to say until I read desktop file syncing won't work.
Next I saw post #4; https://central.owncloud.org/t/how-to-enable-simple-two-factor-authentication/1140/4. The link is however dead.

Is desktop file syncing still an issue then?
How would I go about this?

TIA.


#9

It’s on your personal page, you can create app passwords…