User Two-Factor Authentication
With two-factor authentication (2FA), users can access their ownCloud web accounts only by using a trusted device like their mobile phone. When users want to sign in, they need to provide two pieces of information (factors):
the six-digit verification code that’s automatically displayed on the trusted device or sent to the phone number.
To provide 2FA functionality, an app like the 2-Factor Authentication needs to be installed and enabled.
If a two-factor provider app is enabled, it is enabled for all users by default but a user has to opt-in, though the provider can decide whether or not the user has to pass the challenge.
Because the user has to opt-in, see the Security section in Personal Settings link for tasks on the user side.
In case a user loses access to the second factor, e.g. by breaking or losing the phone with two-factor SMS/app verification, the user is locked out. To give the user access to the account again, an admin can temporarily disable the two-factor check for that user via the occ commands for Two-Factor Authentication. After the issue has been fixed, the admin can reenable two-factor authentication for that user.