User Two-Factor Authentication
With two-factor authentication (2FA), users can access their ownCloud web accounts only by using a trusted device like their mobile phone. When users want to sign in, they need to provide two pieces of information (factors):
the six-digit verification code that’s automatically displayed on the trusted device or sent to the phone number.
To provide 2FA functionality, an app like the 2-Factor Authentication needs to be installed and enabled.
If a two-factor provider app is enabled, it is enabled for all users by default but a user has to opt in, though the provider can decide whether or not the user has to pass the challenge.
|For the opt-in function to work, ImageMagick and php-imagick are required to create the QR code. Depending on your operating system, these packages may need to be installed manually.|
Because the user has to opt in, see the Security section in Personal Settings for tasks on the user side.
In case a user loses access to the second factor, e.g. by breaking or losing the phone with two-factor SMS/app verification, the user is locked out. To give the user access to the account again, an admin can temporarily disable the two-factor check for that user via the occ commands for Two-Factor Authentication. After the issue has been fixed, the admin can reenable two-factor authentication for that user.