Loading service/nextcloud.md +10 −12 Original line number Diff line number Diff line Loading @@ -295,14 +295,15 @@ TODO # How-to ## Disabling 2FA for another user ## Reseting 2FA for another user If someone manages to lock themselves out of their two-factor authentication, they might ask you for help. First, you need to make absolutely sure they are who they say they are. Typically, this happens with an OpenPGP signature of a message that states the current date and the actual desire to reset the 2FA mechanisms. For example, a message like this: authentication, they might ask you for help. First, you need to make absolutely sure they are who they say they are. Typically, this happens with an OpenPGP signature of a message that states the current date and the actual desire to reset the 2FA mechanisms. For example, a message like this: -----BEGIN PGP SIGNED MESSAGE----- Loading @@ -317,7 +318,7 @@ This is to ensure that such a message cannot be "replayed" by an hostile party to reset 2FA for another user. Once you have verified the person's identity correctly, you need to "impersonate" the user and disable their 2FA, with the following path: "impersonate" the user and reset their 2FA, with the following path: 1. log into Nextcloud 2. hit your avatar on the top-right Loading @@ -330,8 +331,5 @@ Once you have verified the person's identity correctly, you need to 7. hit the avatar on the top-right again 8. select "Settings" 9. on the left menu, select "Security" 10. disabling 2FA can take many forms here, either: * uncheck the "Enable TOTP' checkbox, if checked * if a device is present, you can remove it * or, even better, generate new backup codes and send them (encrypted, of course) to the user 10. click the "regenerate backup codes" button and send them one of the codes, encrypted Loading
service/nextcloud.md +10 −12 Original line number Diff line number Diff line Loading @@ -295,14 +295,15 @@ TODO # How-to ## Disabling 2FA for another user ## Reseting 2FA for another user If someone manages to lock themselves out of their two-factor authentication, they might ask you for help. First, you need to make absolutely sure they are who they say they are. Typically, this happens with an OpenPGP signature of a message that states the current date and the actual desire to reset the 2FA mechanisms. For example, a message like this: authentication, they might ask you for help. First, you need to make absolutely sure they are who they say they are. Typically, this happens with an OpenPGP signature of a message that states the current date and the actual desire to reset the 2FA mechanisms. For example, a message like this: -----BEGIN PGP SIGNED MESSAGE----- Loading @@ -317,7 +318,7 @@ This is to ensure that such a message cannot be "replayed" by an hostile party to reset 2FA for another user. Once you have verified the person's identity correctly, you need to "impersonate" the user and disable their 2FA, with the following path: "impersonate" the user and reset their 2FA, with the following path: 1. log into Nextcloud 2. hit your avatar on the top-right Loading @@ -330,8 +331,5 @@ Once you have verified the person's identity correctly, you need to 7. hit the avatar on the top-right again 8. select "Settings" 9. on the left menu, select "Security" 10. disabling 2FA can take many forms here, either: * uncheck the "Enable TOTP' checkbox, if checked * if a device is present, you can remove it * or, even better, generate new backup codes and send them (encrypted, of course) to the user 10. click the "regenerate backup codes" button and send them one of the codes, encrypted
