Deactivate TOTP for 1 User?

  • NC asks for a TOTP authentification
  • No TOTP key nor Backup Keys available
  • Reset password with occ
  • TOTP still requested at login

How to deactivate TOTP for that user?

Anyone any idea?

Hmmm … there was a solution, but I don’t remember … perhaps using occ?

twofactorauth
twofactorauth:disable               Disable two-factor authentication for a user
twofactorauth:enable                Enable two-factor authentication for a user

$ sudo -u www-data php occ twofactorauth:disable USERNAME

Just wanted to add: In my installations (NC versions 20+) it is also required to add the provider ID; so for example if one wants to disable TOTP the command would be (ubuntu apache)

sudo -u www-data php occ twofactorauth:disable USERNAME totp

Realise this is an old thread but a client of mine is currently evaluating cloud storage systems with Seafile and Nextcloud been the two short-listed. 2FA is critical for them so I’ve added the TOTP application and enforced it. Works fine but the scenario covered in this post is not that uncommon - user gets new phone, messes up restoring accounts to TOTP app and has lost their backup codes.

In Seafile, the administrator simply turns 2FA off on their account and next time they logon, they are forced to set it up again.

Is the only solution here via the SSH console/command line as documented above? If so, then can I strongly suggest a feature request here. 2FA is becoming almost mandatory as part of cyber insurance.