Scenario
A user or admin has changed authenticator apps and needs to re-scan the QR code to set up MFA again.
Steps to Reset MFA
Reset the user’s password (recommended to control access during the process)
In the Google Admin Console:
- Go to Directory → Users
- Select the user
- Go to Security → Login challenge
- Click Turn off for 10 minutes
Ask the user to sign in immediately (within the 10-minute window)
Once signed in, the user should:
- Go to Google Account → Security
- Open 2-Step Verification
- Select Set up Authenticator app
- Scan the new QR code with their new device
(Optional) Remove the old authenticator device from their 2SV methods
Important Notes
- “Turn off login challenge” does not reset MFA — it only allows temporary access
- MFA is effectively “reset” when the user reconfigures 2-Step Verification inside their account
- For admin accounts, you may need a super admin to generate backup codes if access still fails
Fallback Option (if the above fails)
- In Admin Console → User → Security
- Generate backup verification codes (this may need the Super Admin user)
- Use a code to sign in, then reconfigure 2-Step Verification