If you set a strict password policy on Nextcloud, your user accounts cannot be hacked. Find out how.
Set a password policy for Nextcloud users
Nextcloud is one of the most flexible, user-friendly and cost-effective on-premises cloud server solutions that you will find. Once it is up and running, you will discover that there is not much this platform cannot do. However, there are a few things that you should take care of once Nextcloud is active.
One such task that you must perform immediately is to set a password policy. Fortunately, Nextcloud has this feature built-in, so there is no need to add a third-party application or even bother with manual configuration.
Why are you doing this?
There is no need to ask this question. But if you are unsure or you need to convince someone, it is simple: if left to their own devices, users will choose passwords such as password, password123, 12345, etc. That is far from safe and should never be allowed. That is why you want to enable a password policy at every opportunity.
With that said, I will walk you through the process of enabling and configuring a password policy for Nextcloud.
What you need
The only things you need for this process are:
How to enable the password policy
Log in to your Nextcloud instance as an admin user. Click on your profile image in the top right corner and then click Settings (Figure A).
Figure A
The Settings item in the Nextcloud menu.
In the resulting window, click Security in the left navigation (Figure B).
Figure B
The Security item in the Nextcloud sidebar.
Scroll down to the Password Policy item (Figure C).
Figure C
The Password Policy configuration section.
Ensure that Prohibit common passwords is enabled – that should be considered an absolute must. I would also suggest that you enable (at least) the following:
If you take the security of your Nextcloud cloud server seriously, I suggest that you enable each option in the Password Policy section. Yes, it can cause a bit of frustration for your users, but it will certainly add a much-needed boost to the security of your Nextcloud instance.
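One way to confirm from the command line that the options in the Password Policy section are actually stored as enabled. This is an added example, not part of the original article. The occ path, the www-data user and the accepted truthy values are assumptions; the key names are those used by Nextcloud's password_policy app.

```shell
#!/bin/sh
# Audit the stored settings of Nextcloud's password_policy app via occ.
# Assumption: adjust the occ path and web-server user to your installation.
OCC="${OCC:-sudo -u www-data php /var/www/nextcloud/occ}"

# Boolean options of the password_policy app; enforceNonCommonPassword is
# the "Prohibit common passwords" checkbox in the admin UI.
BOOL_KEYS="enforceNonCommonPassword enforceUpperLowerCase enforceNumericCharacters enforceSpecialCharacters enforceHaveIBeenPwned"

# Prints one line per option. The return status is the number of options
# that are not explicitly stored as enabled (0 means all are on).
audit_policy() {
    weak=0
    for key in $BOOL_KEYS; do
        # occ exits non-zero when the key was never written; treat as unset.
        val=$($OCC config:app:get password_policy "$key" 2>/dev/null) || val=""
        case "$val" in
            1|yes|true)
                echo "OK    $key" ;;
            "")
                echo "UNSET $key (app default applies; confirm in Settings > Security)"
                weak=$((weak + 1)) ;;
            *)
                echo "OFF   $key=$val"
                weak=$((weak + 1)) ;;
        esac
    done
    return "$weak"
}
```

Source the file and call `audit_policy`; a non-zero status means at least one option is off or was never saved, which is worth checking before you ask existing users to change their passwords.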
The warning
This is a big one, so pay attention. If you already have users on your Nextcloud instance and you change the password policy configuration, those old user passwords still work. In other words, the new password policy only applies to new users. That is why you have two choices:
- Make sure you set the password policy as soon as you implement Nextcloud.
- After you set the password policy, make sure you send a message to current users to manually update their passwords according to the policy.
These are the steps for users to change their passwords:
- Click on the profile image in the top right corner.
- Click on Settings.
- Click on Security in the sidebar.
- Under Password (Figure D), type and verify the new password (one that complies with the new policy).
- Click Change Password.
Figure D
The function for changing the user password.
Hopefully, once all your older users have changed their passwords to comply with the new rules, everyone on the system will enjoy a much more secure account on your Nextcloud server.
Image: Jack Wallen