2fa device lost

Hey everyone,

I have a user that recently got a new phone and all of his 2fa tokens were wiped out. The user is now unable to get into my nextcloud envrionment because it was enforced vai the settings.

Does anyone have an idea what we need to do to get him back in to his nextcloud account?


As an administrator you can use the impersonate app to switch to the user profile and adjust the relevant settings, or you can use the ./occ twofactorauth:..command line tool to remove the 2fa device from the users profile.

1 Like

Thanks for the quick reply, I will look into the impersonate app. As for the command line options I keep getting syntax errors every time I try to use it. Do you have any commands or switches that may help me out?


The syntax you are using seems strange.

Can you try:
sudo -u www-data php occ twofactorauth:disable 550E3E27-CCCE-43AE-8D6C-D4427EC507B7 backup_codes


sudo -u www-data php occ twofactorauth:disable 550E3E27-CCCE-43AE-8D6C-D4427EC507B7 totp

Use e.g. the following command to get a list of enabled 2fa providers for a user and to double-check that you are using the right abbreviation for it:

./occ twofactorauth:state <user>
Two-factor authentication is enabled for user XYZ

Enabled providers:
- backup_codes
- gateway_telegram
- totp                  <<< ?!
- u2f
Disabled providers:
- admin
- gateway_signal
- gateway_sms

Thanks everyone, I was able to use the impersonate app and remove it for the user.