So you have configured WordPress to use 2-factor authentication – well done. You are most likely using the Google Authenticator app on your mobile phone to generate the required pin code.
Problem
But what to do if your mobile phone gets damaged -or even worse- stolen? How can you logon to WordPress to recover or change the Secret Key necessary to configure Google Authenticator on another mobile phone?
Solution
Temporarily rename the Google Authenticator plugin folder inside WordPress. The plugin will no longer load and 2-factor authentication is temporarily disabled. You can now simply login with username and password and retrieve or change the Secret Key. After you rename the Google Authenticator plugin folder inside WordPress back to its original name, 2-factor authentication is again enabled.
The process in more detail:
cd wp-content/plugins
mv google-authenticator google-authenticator.tmp
2-factor authentication is now disabled.
Login to WordPress using just username and password authentication.
Go to Dashboard | Users
Generate a new Secret Key or just write down the existing Secret key.
Configure Google Authenticator on a mobile phone.
mv google-authenticator.tmp google-authenticator
2-factor authentication is now enabled
(Logout and) Login to WordPress using 2-factor authentication.
This way there is no need to change table fields in the database.
Alternatively there are Google Authentication apps (not made by Google) that offer extra features like exporting the Secret Keys or transferring Secret Keys between phones. Some even offer to store the Secret Key(s) on the internet for you.
I prefer simply regaining access to the original keys rather than storing keys in multiple locations or in a non-trusted environment.
Easy.