Nextcloud lets users access and collaborate on documents, calendars and in video chats in the browser or through mobile apps. Over 200 apps extend Nextcloud functionality with features like playing music and movies, tracking your phone, reading news, mindmapping and more. It is by far the most popular private cloud software, 100% open source, developed by a community and used by millions of home users as well as organizations like Siemens, the German Federal Government and many more.
Self-hosting a Nextcloud gives users 100% control over their data, protecting their privacy. But privacy doesn't exist without security and Nextcloud offers many security features like two-factor authentication (2FA), brute force protection, server and client side encryption and much more. Nitrokey’s security and encryption devices are a perfect match.
The Nitrokey Pro 2 and Nitrokey Storage 2 devices have been verified to work correctly with Nextcloud’s one-time passwords for secure two-factor authentication (2FA). This protects users’ accounts in the event of compromised passwords. Furthermore the USB keys feature a password manager, a cryptographic key store for email encryption and SSH administration. In addition the Nitrokey Storage 2 contains an encryption mass storage drive with the option of hidden volumes.
Password-Less Login Experience
FIDO2 authentication makes it possible to replace insecure and complicated password logins with secure and fast login experiences across websites and apps. FIDO2 uses the W3C’s Web Authentication specification (WebAuthn) and FIDO’s Client-to-Authenticator Protocol (CTAP2), which together let users use a device to easily authenticate to online services — in both mobile and desktop environments.
In simpler terms, to log in to your Nextcloud (or another webservice) you just insert your Nitrokey and click a button or two to approve the login.
Nitrokey and Nextcloud are both starting to work on FIDO2 support and have agreed to collaborate on this, making sure Nitrokeys can be used to seamlessly log in to Nextcloud systems. More news is likely to come during the Nextcloud Conference in Berlin later this year.
Enterprise key management
Nitrokey and Nextcloud will explore further collaboration, seeking ways to provide enterprises and private users with even better, more advanced security measures in the future. One of these areas are Nextcloud installations in enterprises providing end-to-end encryption and demanding a secure way to store cryptographic keys. This is where Nitrokey HSM can provide a central key store to securely store keys and at the same time enable the organization protected access to their keys. Here Nitrokey HSM’s m-of-n access scheme allows to define a group of authorized administrators and to protect the keys against a single malicious administrator. Also, encrypted key backups are essential in order to fulfill compliance and availability requirements.