XF 1.5 Are users locked out if they reset 2FA app & no backup code?


Well-known member
If a user reinstalls their 2 factor authentication app all data in the app is lost. It seems the user can no longer login to the xenforo website, unless the user has generated backup codes. Many will not have this, so it seems they are locked out.
How can such a catch 22 situation be resolved?


XenForo moderator
Staff member
That's why they should make a copy of the backup codes.

Administrators can disable it in the ACP for their account.


XenForo developer
Staff member
You're effectively asking how 2FA can be bypassed -- if they don't have the second factor, they're basically an attacker in the eyes of the system (the type of attack 2FA is specifically trying to stop: password compromise).

In terms of an app, this is one of the reasons we give a recommendation of Authy, as you can recover codes or move devices much more easily (compared to Google Authenticator).


Well-known member
True. Its a catch 22 that will likely affect quite a few of our members. Hopefully an easier fallback solution than backup codes can be found.