Time to read: <1 minute
The Two Factor plugin for self-hosted WordPress sites is an excellent way of improving the security of your site. There were plans to move this into Core last year but this hasn’t happened – to be honest, I suspect it may be due to how unfinished it currently is, in particular it’s not very user-friendly.
One such “unfriendly” feature is that once you set up a third party authenticator app (which you do via a QR code) there’s no option to do it again – switch phones or apps and there’s no way to set this back up again.
For now, the way around this is to access your MySQL database and run a quick query to cause this to reset. Assuming you have a standard table prefix of
wp_ then you would need to run the following…
DELETE FROM wp_usermeta WHERE meta_key = "_two_factor_totp_key"
Once run, edit your profile and you can now re-access the QR code for setting the authentication code up again.