In the event of a device failure, loss, or theft where the authenticator app is installed—and the credentials cannot be recovered—there should be an option for a top-level administrator to remove two-factor authentication (2FA) and reconfigure it for another admin user. This process should not require contacting support, especially as such incidents may occur over a weekend when support is unavailable. Without this capability, the affected user would be completely locked out of the system until support becomes accessible.