
Is there an automated MFA reset process?

mfa

#1

We have recently set up a login system using MFA, where the user can choose to use either Guardian or Google Authenticator (or equivalent). People have to enter their recovery code if their device has been stolen/reset. They can then be logged in using the recovery-key, which acts like a one-time password.

The scenario is like this:
Use normal password -> use recovery-key -> copy new recovery key -> login
It seems there is no process where the user can reset the MFA? It keeps the user in a loop where the user has to use recovery-keys for each login.

Is there a way for the user to reset MFA using the recovery-key? Like this:
Use normal password -> use recovery-key -> reset MFA -> setup MFA incl. new recovery-key -> login
This way the user would be able to set up their MFA again without manual interference.

Any help on this would be highly appreciated 🙂


#2

Hey Orloff!

Unfortunately, the user themselves cannot reset MFA from the app level. When it comes to our web dashboard, the admin of the app is able to reset the MFA for a certain user; here's more on that: https://auth0.com/docs/multifactor-authentication/administrator/reset-user.

You might also be interested in utilising the MFA API, for which the documentation is here: https://auth0.com/docs/multifactor-authentication/api