In the world of COVID-19 a lot of people are working from home, including our team, with technologies which help in the process of collaborating with other co-workers, however this has its downfalls, one of them being security. These days even technologically literate people aren’t as considerate when it comes to security. You might be wondering why online security even matters. Well, one easy way to grasp this concept is to compare online security and offline security. You probably don’t want people going into your home when you’re not there, and go through your drawers, which can also be applied to your digital “drawers” containing important work or personal details. That’s why every solopreneur and SME (small medium enterprise) needs to have solid, but most important secure digital infrastructure so that everyone continues to easily work from home in these challenging times. However when we don’t take the right measures we can make it easy for these people who want to steal or delete your data to do that. Unfortunately, research (cite sources) shows that most of net-izens do not know how to protect their data and often choose really bad passwords. There are even people that tell their password live on TV…
We all know that using strong passwords is a good step, but remembering all those passwords is hard work, and it’s even harder to create strong passwords. One other way to increase security is by adding multi-factor authentication, also known from the initials MFA. This might sound like a lot of technical wizardry words but all it means is that you can only access your account only after you’ve fulfilled certain requirements. Bear in mind that as it happens in real life when you have a door that needs more keys to be opened, with MFA you might feel that the approach is a bit inconvenient in the beginning, but once you get use to the process you will probably feel like this is business as usual. Also, safety first right?
What is MFA?
The basis of MFA relies on the principle that someone might know your password by now - actually you can check if this might have already happen for your email from here. How do we make sure that only you can access your account, instead of everyone who has your password? One approach, is to make the user pass a few checks, in order to decrease the odds of unauthorized access. Practically, there are 3 mechanisms to achieve this:
- knowledge (something the user and only the user knows)
- possession (something the user and only the user has)
- inherence (something the user and only the user is).
You might have already seen this security approach when asked to provide a One Time Password (password that expires after some time), given to you through SMS. Although this is an insecure MFA method (because your sms messages can be intercepted), there are many MFA methods that are more secure. The type of MFA we’re using here is 2FA which means there’s only 2 factors (one of them being your password) that you’ll need to fulfill to access your account.
Enabling MFA to Nextcloud
In order to explain how to set up multi factor authentication, we thought we’d show you how we enabled it for our own accounts. The entire process takes less than 10 minutes to complete. You might have noticed that we talk about Nextcloud a lot in our website and social media. The reason we love it has to do with the fact that it enables us to save all of our documents and always have them with us - in other words, it makes it easier to work from home. It is open source (get behind us big tech), respects our privacy and has a bunch of other features that you can review here. Such important documents require a lot of security precautions though. Firstly you will need a one-time password app which in this case will be installed in your Android phone called andOTP. You can download it on F-droid or Play Store. If you are like us, you would prefer apps from F-Droid - avoiding Google service as much as you can should be the new norm!
On your phone:
- After installing this app on your phone and opening it you will be greeted with the “Let’s get started” screen. Tap on the arrow pointing to the right where you’ll be on the second screen;
- From the drop-down menu choose your favorite encryption method (we recommend Password/PIN);
- After you have finished the setup, you can add a new OTP by clicking on the + icon;
- Tap “Scan QR code”;
- Firstly login into your Nextcloud account
- Click on your profile on the top right corner
- Select settings Look onto the left of the screen and select “Security”
- You’ll be greeted with a screen where after “Password” there’s “Two-Factor Authentication” as well.
- Click on “Generate Backup Codes” - this is important make sure you keep this code somewhere secure (We suggest you write this with pen and paper and keep it somewhere you won’t forget)
- Under Generate backup codes there’s a checkbox which says “Enable TOTP”, check it and that will generate a QR code. If this box does not exists, you need to install the TOTP app from Nextcloud’s app store.
- Now, pick up your phone and scan the QR code shown by Nextcloud.
- Your phone will now have a code that resets after a while, Nextcloud will require you to insert that code in the field and press Enter. (Make sure you do this before the timer ends and the code is reset again)
You are done with the setup! Told you it takes less than 10 minutes.
Does adding 2FA make my account unhackable?
No, sadly, there’s no such thing that will make your account 100% safe. But as Neil Armstrong (sort of) said, “One small step for a man, one giant leap for your online security”
To continue the famous tradition, we’ll leave you with another song that we’ve been jamming to this week.
Questions on how to use two or multi factor authentication? Join our chat here.
Already a Cloud68.co partner? Contact our support team by sending an email at firstname.lastname@example.org or by visiting support.cloud68.co if you already have an account for our support portal and we will be more than happy to help you activating 2FA.
Interested in getting your own Nextcloud instance? Visit the dedicated page