As part of the two-factor authentication set up, you’ll need to download or copy a set of recovery codes which you can use when you lose your mobile device, or when you simply cannot access the device to generate the authentication code.

Please treat your recovery codes with the same level of security as you would your password. We recommend saving them for example in a password manager.

Using a two-factor authentication recovery code

Use one of your recovery codes to automatically regain entry into your account. You may have saved your recovery codes to a password manager

  • Type your username and password to prompt authentication.
  • The “Two-factor authentication” screen will show the Authentication code field.
  • Enter your two-factor recovery code in the Authentication code field.
  • Click “Verify” button.

Enter Recovery code in this field

Once successfully logged in, proceed to set up two-factor authentication on your new device.

Each recovery-code will only work once, so we also recommend to delete the used recovery code from your password manager.

When you don’t have access to your mobile device or your recovery codes

As soon as you have used all recovery-codes, you won’t be able to log in anymore. If you have used a few recovery-codes, you may want to generate new recovery-codes by going to “Administration => User Settings => Show recovery codes”.

If you have no access to your mobile device anymore but you still have access to recovery code, use the steps above to set up two-factor authentication on another device (each recovery-code will only work once so it’s important to not use this technique often)

If you have no access to your mobile device and no recovery codes, you need to contact a user with super user access and ask them to reset your two-factor authentication for you. A user with super user access can do this by going to “Administration => Users”, and then clicking on “Edit” your user.

If you are a super user yourself and are unable to log in, you can disable two-factor authentication through the command line

$ ./console twofactorauth:disable-2fa-for-user --login=yourlogin

or if you use Matomo on our Cloud, please get in touch with our support.

Previous FAQ: How do I restrict viewing the analytics reports to one or more allowed IP addresses or IP ranges?