Set a password policy for Nextcloud users

If you set a strict password policy on Nextcloud, your user accounts will be far harder to compromise. Find out how.

Nextcloud is one of the most flexible, user-friendly and cost-effective on-premises cloud server solutions that you will find. Once it is up and running, you will discover that there is not much this platform cannot do. However, there are a few things that you should take care of once Nextcloud is active.

One such task that you must perform immediately is to set a password policy. Fortunately, Nextcloud has this feature built-in, so there is no need to add a third-party application or even bother with manual configuration.

Why are you doing this?

There is no need to ask this question. But if you are unsure or you need to convince someone, it is simple: if left to their own devices, users will choose passwords such as password, password123, 12345, etc. That is far from safe and should never be allowed. That is why you want to enable a password policy at every opportunity.

With that said, I'm going to walk you through the process of enabling and configuring a password policy for Nextcloud.

What you need

The only things you need for this process are:

How to enable the password policy

Log in to your Nextcloud instance as an admin user. Click on your profile image in the top right corner and then click Settings (Figure A).

Figure A

The Settings item in the Nextcloud menu.

In the resulting window, click Security in the left navigation (Figure B).

Figure B

The Security item in the Nextcloud sidebar.

Scroll down to the Password Policy item (Figure C).

Figure C

The Password Policy configuration section.

Ensure that Prohibit common passwords is enabled – that should be considered an absolute must. I would also suggest that you enable (at least) the following:

If you take the security of your Nextcloud server seriously, I suggest that you enable each option in the Password Policy section. Yes, it can cause a bit of frustration for your users, but it will certainly add a much-needed boost to the security of your Nextcloud instance.
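The same settings can be scripted instead of clicked, which helps when you manage more than one server. The following is an added example, not part of the original article: it assumes Nextcloud's occ command and the configuration keys of the bundled password_policy app, and the occ path, web-server user and every value other than the common-password check are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the article): set Nextcloud password policy via occ.
# Assumed: config keys of the bundled password_policy app. The occ path and
# web-server user below are placeholders; adjust them for your install.
OCC="${OCC:-sudo -u www-data php /var/www/nextcloud/occ}"
APPLY="${APPLY:-0}"   # 0 = dry run (print commands), 1 = execute them

# One key=value per line; 1 switches a check on. Only the common-password
# check is named in the article; the other values are example choices.
POLICY="minLength=12
enforceNonCommonPassword=1
enforceUpperLowerCase=1
enforceNumericCharacters=1
enforceSpecialCharacters=1"

apply_policy() {
    while IFS='=' read -r key value; do
        # Accept only alphabetic keys and non-negative integer values.
        case "$key" in ''|*[!A-Za-z]*) echo "bad key: $key" >&2; return 1 ;; esac
        case "$value" in ''|*[!0-9]*) echo "bad value for $key" >&2; return 1 ;; esac
        if [ "$APPLY" != 1 ]; then
            echo "$OCC config:app:set password_policy $key --value=$value"
            continue
        fi
        # </dev/null stops occ from swallowing the rest of the loop's input.
        $OCC config:app:set password_policy "$key" --value="$value" </dev/null || return 1
        # Read the value back so a silent failure does not go unnoticed.
        got=$($OCC config:app:get password_policy "$key" </dev/null)
        [ "$got" = "$value" ] || { echo "$key is '$got', expected '$value'" >&2; return 1; }
    done <<EOF
$POLICY
EOF
}

apply_policy
```

Run it once as is to review the commands it would issue, then again with APPLY=1 to execute them.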

The warning

This is a big one, so pay attention. If you already have users on your Nextcloud instance and you change the password policy configuration, those old user passwords still work. In other words, the new password policy only applies to new users. That is why you have two choices:

  1. Make sure you set the password policy as soon as you implement Nextcloud.
  2. After you set the password policy, make sure you send a message to current users to manually update their passwords according to the policy.

These are the steps for users to change their passwords:

  1. Click on the profile image in the top right corner.
  2. Click on Settings.
  3. Click on Security in the sidebar.
  4. Under Password (Figure D), type and verify the new password (that complies with the new policy).
  5. Click Change Password.

Figure D

The function for changing the user password.

Hopefully, once all your older users have changed their passwords to comply with the new rules, everyone on the system will enjoy a much more secure account on your Nextcloud server.

Image: Jack Wallen

Google will open Office documents in editing mode, a boon for Chromebooks

Google has just made it easier to switch between Google and Office documents with one small change. Today's Best Tech Deals Picked by PCWorld's Editors Top Deals On Great Products Picked by Techconnect's Editors Beginning in late November, Google is making a small, but critical change to how Google Drive opens Microsoft Office documents, both…

Section 230: Senators grandstand during hearing with Huge Tech bosses

What happened: Less than a week before the US presidential elections, the CEOs of Facebook, Google, and Twitter appeared before the Senate Committee on Commerce, Science, and Transportation.The four-hour hearing was meant to focus on Section 230, the regulation that has shielded internet companies from liability for user content. Most questions, however, had little to…

In a first, researchers draw out secret essential utilized to encrypt Intel CPU code

SECRET NO MORE — Hackers can now reverse engineer updates or write their own custom firmware. Dan Goodin - Oct 28, 2020 8:20 pm UTC Researchers have extracted the secret key that encrypts updates to an assortment of Intel CPUs, a feat that could have wide-ranging consequences for the way the chips are used and,…

Leave a Reply