> ## Documentation Index
> Fetch the complete documentation index at: https://docs.dynamic.xyz/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# MFA Device Management

> How to delete user MFA devices and perform admin resets.

<Card title="Recommended: JavaScript SDK with React Hooks" icon="react" color="#4779FE">
  For new React apps, we recommend the JavaScript SDK with React Hooks (`@dynamic-labs-sdk/react-hooks`) instead of the legacy React SDK documented here. The JS SDK comes with many benefits such as a much smaller bundle size and other optimizations. Use the [React quickstart (JavaScript SDK)](/javascript/reference/react-quickstart) to get started.
</Card>

## Deleting a device

Users might need to delete an MFA device if it's lost or replaced. To do so, first authenticate with the device, then use the `deleteUserDevice` function.

**Delete a TOTP device with TOTP code:**

```tsx theme={"system"}
import { useMfa } from '@dynamic-labs/sdk-react-core';

const { authenticateDevice, deleteUserDevice } = useMfa();

const deleteDevice = async (deviceId: string, code: string) => {
  // First, create a single-use MFA token for the device
  const mfaAuthToken = await authenticateDevice({
    code,
    deviceId,
    createMfaToken: { singleUse: true }
  });

  // Then, delete the device using the token
  await deleteUserDevice(deviceId, mfaAuthToken);
};
```

**Delete a TOTP device with recovery code:**

```tsx theme={"system"}
import { useMfa } from '@dynamic-labs/sdk-react-core';

const { authenticateRecoveryCode, deleteUserDevice } = useMfa();

const deleteDevice = async (deviceId: string, code: string) => {
  // First, create a single-use MFA token for the device
  const mfaAuthToken = await authenticateRecoveryCode({
    code,
    createMfaToken: { singleUse: true }
  });

  // Then, delete the device using the token
  await deleteUserDevice(deviceId, mfaAuthToken);
};
```

## Admin Reset

If a user loses all their devices and recovery codes, an admin can reset their MFA from the Dynamic dashboard.

1. Go to the **Users** page in the [Dynamic Dashboard](https://app.dynamic.xyz/dashboard/users).
2. Find the user and open their detail panel.
3. In the **Security** section, click **Reset MFA**.
4. Confirm the action.

This removes all MFA devices from the user's account, letting them set up a new device on their next login.
