Most users run their Authenticator apps from their phones. When a phone is lost, or worst stolen, then threat actors have the potential of masquerading as the user and typically the user is unable to fully authenticate into their various accounts requiring multi-factor authentications (MFA).
If the user is currently authenticated to Lochbox on another device, they can first disable the `two-factor authentication` from the app's Settings | Security & Privacy menu. Then re-enable it, which will change the code being used. The lost or stolen Authenticator will no longer have the correct code.
Otherwise, the user can `Forgot password?` link on the login page to reset their password. After the password for the account is reset, the user will be logged into their account, but will still need to disable and re-enable the MFA from the Settings | Security & Privacy menu.