The Two Factor plugin for self-hosted WordPress sites is an excellent way of improving the security of your site. There were plans to move this into Core last year but this hasn’t happened – to be honest, I suspect it may be due to how unfinished it currently is, in particular it’s not very user-friendly.

One such “unfriendly” feature is that once you set up a third party authenticator app (which you do via a QR code) there’s no option to do it again – switch phones or apps and there’s no way to set this back up again.

For now, the way around this is to access your MySQL database and run a quick query to cause this to reset. Assuming you have a standard table prefix of wp_ then you would need to run the following…

DELETE FROM wp_usermeta WHERE meta_key = "_two_factor_totp_key"

Once run, edit your profile and you can now re-access the QR code for setting the authentication code up again.