Is it possible two use some kind of Two-factor authentication?
Such as TOTP? https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm To use from Keepassxc, Andotp, Freeotp or similar.
At least in Nextcloud it should be simple to set up but I would prefer to use it on both e-mail and Nextcloud. Especially on mail because it will be used as mean to reset passwords to some services.