Two-Factor Authentication requires a secondary device in order to log in. Because of this, some users will inevitably need help when their device is lost or otherwise unavailable.

Clients

If a client needs to gain access to their account without their device, they can use the backup code that was provided when Two-Factor Authentication was configured. The option to Log in using Backup Code is displayed at the bottom of the two-factor authentication page after logging in with the email address and password.

If the backup code is not available, Two-Factor Authentication would need to be disabled for their account within the Admin Area. This can be disabled in the client's Profile tab at Clients > Manage Users or, prior to WHMCS 8.0, Clients > View/Edit Clients.

Admins

If an administrator needs to gain access to the Admin Area without their device, they can use the backup code provided when Two-Factor Authentication was configured. The option to Log in using Backup Code is displayed at the bottom of the two-factor authentication page after logging in with the username and password.

If the backup code is not available, Two-Factor Authentication would need to be disabled directly within the database by running the following SQL command against your WHMCS database:

Replace ADMIN_USERNAME with the admin username for which you wish to disable two-factor authentication.