How to Disable Email 2FA in Rocket Chat

This may seem weird, but interestingly, if you have set up Rocket Chat for the first time and haven’t added Email SMTP settings yet, you may encounter this issue: when you log out, Rocket Chat will prompt you to enter a Two-Factor Authentication (2FA) code sent to your email. This should not happen initially because Rocket Chat should check whether SMTP is set up or not. However, there is a solution to this problem. Read on to learn how to disable email 2FA in Rocket Chat.

There are different ways to fix this. Let’s go through them one by one.

Rocket Chat information

  • Version: 6.3.4
  • Installation method: Snap

Option 1

If you are already logged into the Rocket Chat workspace, simply go to Administration > Settings > Accounts > Two Factor Authentication. Then, disable Enable Two Factor Authentication via Email.


If you are locked out of this option, try option 2.

Option 2

If you are already logged into the API, it’s easy to disable it. More details are here.

# POST with the auth token and user ID of the logged-in account
curl -X POST \
     -H 'X-Auth-Token: _2u_4MzRroRcnqc59GYUY_Kwgr9HgtZ9HCKn-2aIvMJ' \
     -H 'X-User-Id: FL2fZL4ERhwA3gWiS' \
     -H 'Content-type: application/json' \
     'http://localhost:3000/api/v1/users.2fa.disableEmail'

To obtain the X-Auth-Token header, you first need to log in via the API at /api/v1/login. If you are already logged in, that’s great. Proceed by calling the /api/v1/me endpoint to retrieve the necessary details. However, if you are not logged in, the login API will return an error and prompt you to enter the 2FA code for login.

If this is also not a viable solution in your case, please proceed to option 3.

Option 3

And this leads us to the final and functional solution to this issue. I have tested this on a snap installation, but the process remains the same for others too. You will need to access the MongoDB shell to execute certain queries.

Run this on your snap installation to enter the MongoDB shell.

rocketchat-server.mongo

Once in the shell, run the following queries.

use parties;

db.rocketchat_settings.update({"_id" : "Accounts_TwoFactorAuthentication_By_Email_Enabled"},{$set: {"packageValue" : false}});

db.rocketchat_settings.update({"_id" : "Accounts_TwoFactorAuthentication_By_Email_Enabled"},{$set: {"value" : false}});

This will disable Two-Factor Authentication for email, and you can now log in with the standard username and password.

Not required, but if you want to disable 2FA overall…

db.rocketchat_settings.update({"_id" : "Accounts_TwoFactorAuthentication_Enabled"},{$set: {"packageValue" : false}});

db.rocketchat_settings.update({"_id" : "Accounts_TwoFactorAuthentication_Enabled"},{$set: {"value" : false}});

Exit the shell once you’re done.

exit
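
The Option 3 queries change the settings without checking or recording their previous state. The following is an added example, not code from the original post or from the Rocket.Chat project: it applies the same change to the same setting document, but records the earlier values so the control can be switched back on once SMTP is configured. The helper names `disableSetting`, `restoreSetting` and `makeFakeDb` are hypothetical, and the in-memory stand-in is constructed for dry runs.

```javascript
// Added example (not Rocket.Chat code). In the mongo shell: load() this file,
// then call disableSetting(db, EMAIL_2FA) after `use parties`.
const EMAIL_2FA = "Accounts_TwoFactorAuthentication_By_Email_Enabled";

// Turn a boolean setting off and return what it was, so it can be restored.
function disableSetting(db, id) {
  const coll = db.rocketchat_settings;
  const before = coll.findOne({ _id: id });
  if (!before) {
    throw new Error("setting not found: " + id + " (wrong database?)");
  }
  const previous = { value: before.value, packageValue: before.packageValue };
  if (previous.value === false && previous.packageValue === false) {
    return { id: id, changed: false, previous: previous }; // nothing to do
  }
  coll.updateOne({ _id: id }, { $set: { value: false, packageValue: false } });
  const after = coll.findOne({ _id: id });
  if (after.value !== false || after.packageValue !== false) {
    throw new Error("update did not apply: " + id);
  }
  return { id: id, changed: true, previous: previous };
}

// Put the recorded values back, e.g. once SMTP is configured.
function restoreSetting(db, report) {
  const coll = db.rocketchat_settings;
  coll.updateOne({ _id: report.id }, { $set: report.previous });
  return coll.findOne({ _id: report.id });
}

// Constructed in-memory stand-in for db.rocketchat_settings, for dry runs only.
function makeFakeDb(docs) {
  const byId = new Map(docs.map((d) => [d._id, Object.assign({}, d)]));
  return {
    rocketchat_settings: {
      findOne: (q) => (byId.has(q._id) ? Object.assign({}, byId.get(q._id)) : null),
      updateOne: (q, u) => { Object.assign(byId.get(q._id), u.$set); },
    },
  };
}
```

Keep the report returned by `disableSetting` (for example, print it with `printjson`) so the change can be reversed and shows up in your change record.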