As an MSP it is critical for us to be able to reset 2FA for our managed users.
Currently if the user changes phones and loses their Recovery Codes, we have no choice but to delete their account and start from scratch.
This is a frustrating and risky situation for our users. Of course, we can tell them to simply print out the codes and store them somewhere safe (and we do) but you can never rely this factor alone (we have had cases where users simply misplaced the recovery codes).
Physically printing the codes also comes with it’s own set of security implications.
Please add the ability for us to reset our users’ 2FA - other services like Microsoft already provide this ability.
Thank you,