Nextcloud Two-Factor Authentication
Since Version 11, Nextcloud supports Universal Second Factor (U2F) login within compatible browsers. Finally, Nextcloud‘s Android client provides U2F in version 3.8.
Security keys are an easy and exceptionally robust way for second-factor authentication. Recently, Nitrokey and Nextcloud partnered up to encourage this login mechanism. Now, COTECH joins as a software partner.
The result is a usable login flow: At the bottom, a dialog indicates that user interaction is needed during U2F login. Users get assistant with helpful animations if they are not familiar with the concepts of security keys on mobile devices.
The most common security keys are compatible with our implementation. Users can use them via USB or NFC. Just a simple touch with the key on the back of the device and the user is logged in. But USB usage is similarly easy: Plug in the key and press its button to indicate user presence.
Everyone should take a closer look at the NFC help dialog. It helps to find the NFC sweetspot, in other words, where the device’s NFC antenna works best. It uses a local database of phone models where the best spot is known.
U2F is just the first step. In the future, Nextcloud, Nitrokey and COTECH will bring a real passwordless login experience to mobile devices using the WebAuthn standard. One authenticator will replace all user passwords, including that for Nextcloud.
Why did it take that much time?
On Android, there is no U2F API available in a WebView, Android’s in-app browser view, which is used by Nextcloud for its login flow. COTECH’s Hardware Security SDK changed that. It hides away the difficulties of communicating with security key and provides an easy API for developers. So that Nextcloud can bring U2F to its Androids users.
Where can I buy compatible security keys?
In our Security Key Shop we provide Nitrokeys bundled with USB-C adapters for using them with your modern Android smartphone.
Can I use the Hardware Security SDK in my app?
Yes, we would love to get in touch with you. Please contact us at email@example.com.