What do I do when a user has lost their two-factor authentication details?

If a user has accidentally deleted the two-factor authentication settings in Google Authenticator or no longer has access to the app then it will be necessary to clear their secret key.

A user with user administration rights can do this by visiting the user's profile and choosing the Clear key button. If two-factor authentication is optional then they will now be able to log on without needing to supply a verification code. If it is mandatory then they will be given a new QR code to use with Google Authenticator the next time they attempt to log in.

Note that users cannot manage this process themselves unlike with forgotten passwords.

Written by Stephen Hebditch. Published on .
Clearing a user's secret key when they no longer have access to generate a verification code to enter the site.