diff --git a/internal/db/user.go b/internal/db/user.go
index a2db3691..04bdfbaf 100644
--- a/internal/db/user.go
+++ b/internal/db/user.go
@@ -85,6 +85,19 @@ func UpdateUser(u *model.User) error {
 	return errors.WithStack(db.Save(u).Error)
 }
 
+func Cancel2FAByUser(u *model.User) error {
+	u.OtpSecret = ""
+	return errors.WithStack(UpdateUser(u))
+}
+
+func Cancel2FAById(id uint) error {
+	user, err := GetUserById(id)
+	if err != nil {
+		return err
+	}
+	return Cancel2FAByUser(user)
+}
+
 func GetUsers(pageIndex, pageSize int) ([]model.User, int64, error) {
 	userDB := db.Model(&model.User{})
 	var count int64
diff --git a/server/handles/user.go b/server/handles/user.go
index 5aa67d3a..2902d682 100644
--- a/server/handles/user.go
+++ b/server/handles/user.go
@@ -64,6 +64,9 @@ func UpdateUser(c *gin.Context) {
 	if req.Password == "" {
 		req.Password = user.Password
 	}
+	if req.OtpSecret == "" {
+		req.OtpSecret = user.OtpSecret
+	}
 	if err := db.UpdateUser(&req); err != nil {
 		common.ErrorResp(c, err, 500)
 	} else {
@@ -99,3 +102,17 @@ func GetUser(c *gin.Context) {
 	}
 	common.SuccessResp(c, user)
 }
+
+func Cancel2FAById(c *gin.Context) {
+	idStr := c.Query("id")
+	id, err := strconv.Atoi(idStr)
+	if err != nil {
+		common.ErrorResp(c, err, 400)
+		return
+	}
+	if err := db.Cancel2FAById(uint(id)); err != nil {
+		common.ErrorResp(c, err, 500)
+		return
+	}
+	common.SuccessResp(c)
+}
diff --git a/server/router.go b/server/router.go
index e3512af3..bdd68505 100644
--- a/server/router.go
+++ b/server/router.go
@@ -52,6 +52,7 @@ func admin(g *gin.RouterGroup) {
 	user.GET("/get", handles.GetUser)
 	user.POST("/create", handles.CreateUser)
 	user.POST("/update", handles.UpdateUser)
+	user.POST("/cancel_2fa", handles.Cancel2FAById)
 	user.POST("/delete", handles.DeleteUser)
 
 	storage := g.Group("/storage")