What is the best practice for resetting multi-factor when a user requests to recover their password?

I am in the process of developing a web-application which requires MFA on every login. (On the first login, before you can do anything, you are forced to setup MFA. Due to monetary restrictions and development time restraints, the MFA chos… Continue reading What is the best practice for resetting multi-factor when a user requests to recover their password?