Disable MFA by updating database directly

I hope I’m posting this under the correct topic, if not I apologize.
We are using self hosted Passbolt CE v4.5.2-1 running on Rocky Linux 8. We have MFA enabled (TOTP) and are using Microsoft Authenticator with it.
If for some reason MS Authenticator was unavailable, due to an outage or some other cause then no one would be able to log into Passbolt as I understand it.
A solution would be to disable MFA however if the administrator can’t log in then it’s not possible to disable MFA from within the application.

I looked at the environment variable reference but did not see a variable that controls MFA.

Is it possible to update a table in the database directly and disable MFA?

Has anyone already done this? If so could your share the query you used to update the database to disable MFA?

I was thinking if there was just one column in one table that held the state of MFA it should be simple to update that column to disable MFA.

Thanks everyone!!

Hello @skystar , welcome to our community :slight_smile:

I share your concerns regarding the possibility to disable MFA from the database, and yes, this is possible.

You’d need to copy the id that is related to your account, you can have it with this SQL query:
SELECT id,username FROM users WHERE username='YOUR_EMAIL'

Then, you can delete the account settings that refers to MFA for this identifier you’ve copied before:
DELETE FROM account_settings WHERE user_id='YOUR_USER_ID' AND property='mfa';

After that you should be able to log in without any MFA required, do not forget to re-configure it afterwards :wink:

Thanks @antony , that was exactly what I was looking for. I really appreciate you taking time out of your busy day to help me, Thank you very much!!

1 Like