Is it possible to reset the MFA for a user?

cloudposse / bastion

🔒Secure Bastion implemented as Docker Container running Alpine Linux with Google Authenticator & DUO MFA support

https://cloudposse.com/accelerate

Apache License 2.0

640 stars 112 forks source link

Is it possible to reset the MFA for a user? #60

Closed skel84 closed 1 year ago

skel84 commented 3 years ago

Hi,

as per the title, is it possible to reset the MFA device for a user and set up a new one?

Thanks

jonmchan commented 1 year ago

Yes, simply delete the ~YOURUSER/.google_authenticator file and the next time the user logs in, he will be able to link a new MFA device.

Additionally, if you want to recover the MFA device token (only do this if you are certain that the original MFA device has not been compromised), you can copy the first line from ~YOURUSER/.google_authenticator into a MFA application and it can should be able to generate the same MFA tokens as your original device.