Firefly III can generate new backup codes.

app/Http/Controllers/ProfileController.php

@@ -290,6 +290,7 @@ class ProfileController extends Controller
         $subTitle       = $user->email;
         $userId         = $user->id;
         $enabled2FA     = null !== $user->mfa_secret;
+        $mfaBackupCount = count(Preferences::get('mfa_recovery', [])->data);
 
         // get access token or create one.
         $accessToken = app('preferences')->get('access_token', null);
@@ -298,7 +299,26 @@ class ProfileController extends Controller
             $accessToken = app('preferences')->set('access_token', $token);
         }
 
-        return view('profile.index', compact('subTitle', 'userId', 'accessToken', 'enabled2FA', 'loginProvider'));
+        return view('profile.index', compact('subTitle', 'mfaBackupCount', 'userId', 'accessToken', 'enabled2FA', 'loginProvider'));
+    }
+
+    /**
+     * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
+     */
+    public function newBackupCodes()
+    {
+        // generate recovery codes:
+        $recovery      = app(Recovery::class);
+        $recoveryCodes = $recovery->lowercase()
+                                  ->setCount(8)     // Generate 8 codes
+                                  ->setBlocks(2)    // Every code must have 7 blocks
+                                  ->setChars(6)    // Each block must have 16 chars
+                                  ->toArray();
+        $codes         = implode("\r\n", $recoveryCodes);
+
+        Preferences::set('mfa_recovery', $recoveryCodes);
+
+        return view('profile.new-backup-codes', compact('codes'));
     }
 
     /**

resources/lang/en_US/firefly.php

@@ -95,6 +95,9 @@ return [
     'two_factor_lost_fix_self'          => 'If you run your own instance of Firefly III, check the logs in <code>storage/logs</code> for instructions, or run <code>docker logs &lt;container_id&gt;</code> to see the instructions (refresh this page).',
     'two_factor_lost_fix_owner'         => 'Otherwise, email the site owner, <a href="mailto::site_owner">:site_owner</a> and ask them to reset your two factor authentication.',
     'mfa_backup_code'                   => 'You have used a backup code to login to Firefly III. It can\'t be used again, so cross it from your list.',
+    'pref_two_factor_new_backup_codes'  => 'Get new backup codes',
+    'pref_two_factor_backup_code_count' => 'You have :count valid backup code(s).',
+    '2fa_i_have_them'                   => 'I stored them!',
     'warning_much_data'                 => ':days days of data may take a while to load.',
     'registered'                        => 'You have registered successfully!',
     'Default asset account'             => 'Default asset account',

resources/views/v1/profile/index.twig

@@ -85,11 +85,17 @@
                     <div class="box-body">
                         <p class="text-info">{{ 'pref_two_factor_auth_help'|_ }}</p>
                         {% if enabled2FA == true %}
+                            <p class="text-info">
+                                {{ trans('firefly.pref_two_factor_backup_code_count', {count: mfaBackupCount}) }}
+                            </p>
 
                             <div class="btn-group">
                                 <a class="btn btn-info" href="{{ route('profile.code') }}">
                                     <i class="fa fa-recycle"></i>
                                     {{ 'pref_two_factor_auth_reset_code'|_ }}</a>
+                                <a class="btn btn-default" href="{{ route('profile.new-backup-codes') }}">
+                                    <i class="fa fa-star"></i>
+                                    {{ 'pref_two_factor_new_backup_codes'|_ }}</a>
                                 <a class="btn btn-danger" href="{{ route('profile.delete-code') }}">
                                     <i class="fa fa-trash"></i>
                                     {{ 'pref_two_factor_auth_disable_2fa'|_ }}</a>

resources/views/v1/profile/new-backup-codes.twig

@@ -0,0 +1,29 @@
+{% extends "./layout/default" %}
+
+{% block breadcrumbs %}
+    {{ Breadcrumbs.render(Route.getCurrentRoute.getName) }}
+{% endblock %}
+
+{% block content %}
+        <div class="row">
+            <div class="col-lg-6 col-lg-offset-3 col-md-12 col-sm-12 col-xs-12">
+                <div class="box">
+                    <div class="box-header with-border">
+                        <h3 class="box-title">{{ 'pref_two_factor_auth_code'|_ }}</h3>
+                    </div>
+                    <div class="box-body">
+                        <div class="form group">
+                            <p>
+                                {{ '2fa_backup_codes'|_ }}
+                            </p>
+                            <pre>{{ codes }}</pre>
+                        </div>
+                    </div>
+                    <div class="box-footer">
+                        <a class="btn btn-success" href="{{ route('profile.index') }}">{{ '2fa_i_have_them'|_ }}</a>
+                    </div>
+                </div>
+            </div>
+        </div>
+
+{% endblock %}

routes/breadcrumbs.php

@@ -669,6 +669,14 @@ try {
         }
     );
 
+    Breadcrumbs::register(
+        'profile.new-backup-codes',
+        function (BreadcrumbsGenerator $breadcrumbs) {
+            $breadcrumbs->parent('home');
+            $breadcrumbs->push(trans('breadcrumbs.profile'), route('profile.index'));
+        }
+    );
+
     // PROFILE
     Breadcrumbs::register(
         'profile.index',

routes/web.php

@@ -644,6 +644,7 @@ Route::group(
     Route::get('2fa/code', ['uses' => 'ProfileController@code', 'as' => 'code']);
     Route::post('2fa/code', ['uses' => 'ProfileController@postCode', 'as' => 'code.store']);
     Route::get('/delete-code', ['uses' => 'ProfileController@deleteCode', 'as' => 'delete-code']);
+    Route::get('2fa/new-codes', ['uses' => 'ProfileController@newBackupCodes', 'as' => 'new-backup-codes']);
 
 }
 );