The user:disable-two-factor command allows administrators to disable two-factor authentication (2FA) for users who have lost access to their authenticator app or recovery codes.
This command should only be used in exceptional circumstances. All usage is logged for security auditing purposes.

Command Signature

php artisan user:disable-two-factor {user_email} {reason} [--force] [--allow-admin]
| Parameter/Option | Description |
|---|---|
| user_email | The email address of the user (case-insensitive) |
| reason | Reason for disabling 2FA (required for audit logging) |
| --force | Skip confirmation prompt (non-admin users only) |
| --allow-admin | Allow disabling 2FA for admin users (always requires interactive confirmation) |

Usage Examples

# Standard usage (with confirmation prompt)
php artisan user:disable-two-factor user@example.com "User lost access to authenticator app"

# Non-interactive mode
php artisan user:disable-two-factor user@example.com "Automated recovery" --force

# For admin users (requires confirmation, cannot use --force)
php artisan user:disable-two-factor admin@example.com "Emergency access" --allow-admin

Running in Docker

# Non-interactive
docker compose exec api php artisan user:disable-two-factor user@example.com "Lost authenticator" --force

# Interactive (for admin users)
docker compose exec -it api php artisan user:disable-two-factor admin@example.com "Emergency" --allow-admin
Use the -it flags for interactive commands (those run without --force) so that the confirmation prompt can be displayed.

Security Notes

  • All operations are logged to the Slack admin channel with user ID, email, reason, and admin override status
  • Admin users require --allow-admin flag and cannot bypass confirmation with --force
  • Users who can access their authenticator should disable 2FA through their account settings instead
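
The rules above (a mandatory reason, -it whenever a prompt is expected, and --force and --allow-admin never combined) can be enforced before the command reaches the container. The wrapper below is an added example, not part of the project; the function name disable_2fa and the DOCKER override are hypothetical, and the api service name is taken from the Docker examples above.

```sh
# Hypothetical operator wrapper (added example, not part of the project).
# Usage: disable_2fa <email> <reason> [--force | --allow-admin]
# Set DOCKER=echo for a dry run that prints the arguments instead.
disable_2fa() (
  if [ "$#" -lt 2 ] || [ "$#" -gt 3 ]; then
    echo "usage: disable_2fa <email> <reason> [--force | --allow-admin]" >&2
    return 2
  fi
  email=$1 reason=$2 mode=${3:-}

  # The reason is written to the audit log: refuse blank values, and values
  # starting with "-" that the console could parse as an option.
  if [ -z "$(printf '%s' "$reason" | tr -d '[:space:]')" ]; then
    echo "error: a non-blank reason is required" >&2; return 2
  fi
  case "$reason" in -*) echo "error: reason must not start with '-'" >&2; return 2 ;; esac

  # Shape check only; the artisan command performs the real user lookup.
  case "$email" in
    -*|*" "*|*@*@*) echo "error: invalid email" >&2; return 2 ;;
    ?*@?*.?*) ;;
    *) echo "error: invalid email" >&2; return 2 ;;
  esac

  # Only --force runs without a prompt; every other mode needs a TTY (-it).
  case "$mode" in
    --force)          set -- exec api ;;
    ""|--allow-admin) set -- exec -it api ;;
    *) echo "error: expected --force or --allow-admin, got: $mode" >&2; return 2 ;;
  esac

  set -- "$@" php artisan user:disable-two-factor "$email" "$reason"
  if [ -n "$mode" ]; then set -- "$@" "$mode"; fi
  "${DOCKER:-docker}" compose "$@"
)
```

Because the wrapper accepts at most one option, a call that passes both --force and --allow-admin is rejected locally before anything is sent to the container.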