...
This guide explains how SDP site admins can disable a user’s two-factor authentication (TFA) setup.
Troubleshooting with users
Failed validation limit reached
When a user gets 6 attempts wrong in 5 minutes, they are locked out of trying to sign in for 5 minutes.
If a user reports that they have received the ‘Failed validation limit reached’ error:
Check they have been using codes from the TFA application linked with their CMS account.
Their TFA application will show the account username or email near or above the code.
Ask them to wait 5 minutes from when they received the ‘Failed validation limit reached’ error.
If the user replies and is still having issues, you will need to disable the 2FA application setup in their user account so they can set it up again.
Disable/clear a user’s two-factor authentication
...
If a user has lost access to their TFA application or it is no longer working, you’ll need to follow the below steps to disable it. The user will then be able to set up a new TFA upon logging in.
setup
Go to the user’s account in the CMS.
Click the TFA tab on the user’s profile.
...
Enter your password and click ‘disable'.
...
You will be returned back to the TFA tab of the editor's profile and will see the status message ‘TFA has been disabled’. The next time the user logs in, they will be required to set up TFA before accessing the CMS.
...
Needing your two-factor authentication reset as a site admin
...