Administrator override / cancellation of 2fa

[loopmail]

From what I've seen, there is no way for an admin to cancel out another admin's 2fa settings? I'm just thinking that there needs to be a way to allow it to be cancelled should you lose your phone with google authenticator on it or some such. 

Within the googles apps, the administrator users can clear the 2fa settings.  I'm just wary of setting this and losing my phone/having my phone (or my staff's phones) stolen and not being able to get back in. 

Is there a process for this?

I realise some might think this is a security risk, but if it was only full admins who have the ability to adjust the 2fa settings it should be ok? you don't normally set all staff as full admin, I'd imagine most only have 1-2 senior full admins as this enables access to system-wide changed (they can turn 2fa on and off anyway) and all other users with lesser access. 

Just a thought. 

[WHMCS John]

Hi @loopmail,

You are correct, there is intentionally not a way in the UI to disable two factor authentication for another administrator user.

A Backup Code is provided upon configuration of two factor authentication. If the device is lost/broken, this backup code should be used to login and 2FA can then be disabled.

If the backup code has not been saved, then technical support can assist with disabling 2FA for an account.

[zitu4life]

Hope WHMCS creates small tutorial how to use this future, I wont setup it until understand it well, because it could block login, (and for security, and should be like that), but as users we need to be confidence when activate it. 😉