How to force 2fa?

Steps to reproduce

  1. 2FA

Expected behaviour

So that you can’t use owncloud until you’re up and running on your 2fa account

Actual behaviour

Users can use owncloud without running 2fa and can disable it

That’s not possible with the basic TOTP plugin.

This extension provides the most simple way to add a second factor to user logins. More sophisticated 2-Factor Authentication mechanisms with additional authentication devices is available via the PrivacyIDEA ownCloud App or by integrating other Identity Providers that offer multi-factor authenication mechanisms.

You cannot enforce 2FA for all users but once you are sure all users correctly enabled 2FA over their security settings page, as dirty workaround you could theoretically comment this section twofactor_totp/personal.php at master · owncloud/twofactor_totp · GitHub to prevent them from opting-out at a later stage.