How do I see the QR code again?
-
Having 2FA is great, but there are two problems with the setup.
1. If I lose my phone or my phone fails, I’ve lost my 2FA. I can use the backup code to get in, but how do I see the QR code again in order to set up a new phone?
2. I need the actual secret key rather than a QR code, because I put this into a password manager. I can get the key by reading the QR code with a QR code reader, but it would be much easier to display the key under the QR code (as other websites do). (If I had this option, it would be easy for me to fix problem 1.)
Thank you.
-
@javilabbe — That’s quite a process! I managed to figure it out without having to delete your user.
Delete the existing key for a user
Take a full backup of your database beforehand in case you mess up, but if you do this carefully, it should be fine.
Go to phpMyAdmin or whatever database tool you use.
-
Find the user’s ID:
SELECT ID FROM wp_users WHERE user_login = '[username]'; -
Find the user’s 2FA record (this step is optional, but it helps to check that you have the right details):
SELECT * FROM wp_usermeta WHERE user_id = [userid] AND meta_key LIKE 'sg_security%'; -
Delete these rows:
DELETE FROM wp_usermeta WHERE user_id =[userid] AND meta_key LIKE 'sg_security%'; - WordPress back end > SG Security > Login Security > Two-factor authentication > turn off and then turn on again. (I don’t know why this step is needed, but it’s safe: it won’t clear the 2FA for any other user.)
- Log out and log in again.
To find the secret key so that you have a backup
When you log in again, SG Security presents you with a new QR code.
Use a QR code scanner to see the details. (I have Android with Google’s camera, and it comes with a QR code scanner.) The result looks like this:
otpauth://totp/https://[domain] ([email])?secret=[secretkey] -
Find the user’s ID:
The topic ‘How do I see the QR code again?’ is closed to new replies.
