Nextcloud is designed to keep your data secure while you sync your data and work with other people. With every release, we bring new technologies, visible and invisible, to secure files and enhance collaboration. Nextcloud 14 introduces our innovative Video Verification and Signal & Telegram 2FA support for security. To enhance collaboration, we introduce note shares, search in the content of comments, recovery of deleted group shares and improved federation. This blog post aims to update you on these and other improvements.
HackerOne: paying experts to find issues
While we regularly get praise from customers who have done pentesting on our software, we believe that getting the help from the global security community is important to validate our security efforts. Our HackerOne program pays out money to hackers who find issues in our software and responsibly disclose those to our security team.
A recent HackerOne case study has analyzed our security work and concluded our bug bounty handling is an example for others to follow. Michiel Prins, co-founder HackerOne, had this to say:
Nextcloud’s lightning fast response times are impressive and make them a model for how to build an efficient bug bounty triage and response process.
You can learn more and download the case study from the HackerOne website.
New security features in Nextcloud 14
For Nextcloud 14, two main security features are new:
Video Verification
Signal/Telegram/SMS 2FA support
We also updated our SAML and Kerberos authentication and introduced a new GDPR compliance app.
Video Verification
Video Verification
Video Verification is our new, unique feature that is meant to ensure that only the right person looks at the data you shared. You might think: well, I put a password on it, won’t that do the trick? It is indeed true that a password for a share link, especially when sent through another channel like sms, makes it harder for a third party to get access to the files. But there are certainly scenarios where this still happens: a spouse might use the phone, or a child. For most data, this isn’t a big deal. But think of a doctor who wants to make sure an X-ray only can be seen by the patient, not their family?
Just like a bank might require you to physically come in to open a bank account and a doctor would require a visit to tell you the results of an examination, you might want to make sure some data strictly ends up before the intended recipient. This is where Video Verification comes in. When this option is enabled, the user receives only the share link, not the password. The share link page gives a ‘request password’ button, which starts a call using Nextcloud Talk. Your phone will ring and you will be able to see and talk to the intended recipient! Once you have verified who it is, you can give the password and he/she can log in and view the data.
The second main security feature in Nextcloud 14 is a new second factor authentication provider. 2-factor authentication improves the security of authentication by using a second way of ensuring only the right person can log in: besides a password, a code from a device like a phone has to be entered. New in this release is the ‘gateway’ 2-factor provider. It allows use of the secure messaging apps Signal and Telegram as well as various SMS gateways as a second factor to secure their authentication. Most up-to-date applications communicating with Nextcloud now use Login flow so you will be able to log in just like you would on the web, including, but not limited to SMS-based authentication. Absent support for the Login flow, your legacy applications will accept device passwords.
Note that especially the Signal authentication support relies on a third party docker container, so take some care with it. You can learn more on this page.
In other 2-factor news, the app now officially supports authentication via NFC (Yubikey NEO)!
SAML and Kerberos
Thanks to a collaboration with the TU Berlin it is now possible to authenticate to Samba servers while using Kerberos authentication. Note that this requires the server to already have a valid ticket to authenticate! The Nextcloud SAML app was updated with support for multiple Identity Providers, allowing a server to have both local users and SAML authentication. The SAML configuration was also simplified.
GPDR
When working with others, it is important to keep data not only secure but also within the legal boundaries set by compliance regulation. Nextcloud has made another step forward in this area. This release introduces a Data Protection Confirmation app and a separate audit log file, complementing to the existing Impressum/legal notice and data request apps available in the Nextcloud Compliance Kit. Using the applications in the kit as well as extensive documentation, supported by our compliance expertise accessible through their Nextcloud Subscription, Nextcloud customers can ensure full legal compliance with a minimum of effort. You can learn more on our website.
Closing
Besides all the big things mentioned above, lots of smaller improvements were made, like the use of the new ARGON2I hashing algorithm – if you don’t know what that means, don’t worry, that is a healthy thing! It simply means our team makes sure to take care of both the small and large things. If you have any feedback or want to contribute, you can contact us over github or get preferential access to our developers through a Nextcloud Subscription.
Nextcloud Hub 9 vous permet de rester connecté. Découvrez de nouvelles fonctionnalités de fédération, l'automatisation des flux de travail, une refonte du design et bien plus encore dans votre plateforme de collaboration open-source préférée !
Nous vous présentons une mise à jour majeure de l'assistant Nextcloud IA, ainsi que de nouvelles informations sur notre collaboration avec plusieurs grands fournisseurs d'hébergement tels que IONOS et OVHcloud pour vous proposer des options d'IA en tant que service !
Bechtle et Nextcloud ont annoncé aujourd'hui une plateforme de collaboration entièrement administrée pour le secteur public, qui ne nécessite pas d'appel d'offres et peut être déployée immédiatement.
Découvrez comment passer de ownCloud à Nextcloud. Notre outil d'aide à la migration fournit des informations sur le processus de migration et vous aide à effectuer la transition en douceur.
Au cours de la dernière année, l'IA est devenue un sujet à la mode. Il y a de l'engouement, mais aussi du fondement. Il y a du positif et du négatif. Nous voulons vous offrir le positif, pas le négatif, et ignorer le battage médiatique ! […]
Maintenance updates 28.0.12, 29.0.9 and 30.0.2 for Nextcloud Hub 7, 8 and 9 respectively are here! Read an update summary and access full changelog on the website.
Frank Dengler from audriga joins the Nextcloud Enterprise Day program with a keynote about migration from SharePoint to Nextcloud. Read this article for more details about the keynote and the speaker.
Nous enregistrons certains cookies pour compter les visiteurs et faciliter l'utilisation du site. Ces données ne quittent pas notre serveur et ne sont pas destinées à vous suivre personnellement ! Consultez notre politique de confidentialité pour plus d'informations Personnaliser
Les cookies utilisés pour enregistrer les données saisies dans les formulaires, telles que le nom, l'adresse électronique, le numéro de téléphone et la langue préférée.
nc_form_fields
Mémorise les données saisies dans les formulaires pour une prochaine visite (nom, adresse électronique, numéro de téléphone et langue préférée).
Les cookies statistiques collectent des informations de manière anonyme et nous aident à comprendre comment nos visiteurs utilisent notre site web. Nous utilisons la solution open source de mesure de statistiques web Matomo
Matomo
_pk_ses*: Compte la première visite de l'utilisateur
_pk_id*: Aide à ne pas compter deux fois les visites.
mtm_cookie_consent: Se souvient que l'utilisateur a donné son accord pour le stockage et l'utilisation de cookies.
_pk_ses*: 30 minutes
_pk_id*: 28 jours
mtm_cookie_consent: 30 jours