​Nextcloud 10 beta includes two-factor authentication security

The ownCloud infrastructure-as-a-service cloud fork, Nextcloud, is charging forward with new features.
Written by Steven Vaughan-Nichols, Senior Contributing Editor

For a company that's only been around for a couple of months, Nextcloud isn't wasting any time making improvements. Frank Karlitschek, Nextcloud's managing director, just announced the release of the Nextlcloud 10 beta.

Nextcloud Google Authentication

Nextcloud now comes with two-factor authentication and can authorize with Google accounts.

Nextcloud is a fork of the open-source Infrastructure-as-a-Service (IaaS) cloud program, ownCloud. It's moving quickly beyond its roots. The biggest improvement from where I sit are in Nextcloud's security. Here are the two major additions.

First, Nextcloud will automatically block brute-force login attacks. It works by throttling all login requests coming from a specific subnet. This means, if an IP has triggered multiple invalid login attempts, all future authorization requests from that subnet will be up to 30 seconds slower. If an attacker is coming in from an IPv6 address, their specific device can be blocked.

Second, besides slowing brute-force attacks, Nextcloud's new plug-in based authentication system supports two-factor authentication and device-specific passwords. These can be managed by users and sysadmins alike.

With two-factor authentication, the Nextcloud server offers an application programming interface (API). This enables apps to register themselves as a provider and define a callback after a user has logged-on. To turn this into a true two-factor authentication system, the server administrator will need to install services for each authentication method.

Nextcloud programmer Christoph Wurst has already written several such services and end-user apps, and they'll soon be available for download. Among other authentication methods, Nextcloud will support the use of Google Authenticator and self-supported authentication via SMS.

Besides security upgrades, Nextcloud shared links are now treated as federated shares. This will enable users to control, change permissions, or disable shares irrespective of the continued availability of the shared link itself. Re-shared federated shares now create direct connections between servers, and the permission support of federated shares is now the same as for normal shares.

In addition, the user interface now includes support for permanent links in the URL bar. This lets users share storage URLs without issues -- even if they moved the data to a different location on Nextcloud.

Behind the scenes, external storage now has faster and more reliable Dropbox and Google Drive support. It can also handle Server Message Block (SMB) change notifications more efficiently. This means Nextcloud will work better when changes are made to Nextcloud-shared Windows network drives.

"The Nextcloud10 release is coming together very well, and I'm proud of the work the community and company did together," said Karlitschek in a statement. "The coming weeks we will finalize and stabilize the server and make it ready for home and enterprise users alike."

Want to see for yourself? The Nextcloud beta is available for download.

Related Stories:

Editorial standards