In addition to setting up TOTP (as suggested by @oldguy), you might also look at the Nextcloud security settings at /settings/admin/security and enforce a strong password policy. You can also enable server side encryption there, if desired.
1 Like