With two factor authentication enabled, there is a risk that we cannot access our instance if pro.caprover.com is down. It's relatively easy to revert to non-2FA by running a script as described here.

But rather than having to seek out this help page, create and run this script (maybe not so easy for those with more limited knowlege, and what happens if caprover.com is also down?), my suggestion is to install this "reset OTP" helper script locally when installing caprover, so it's then just a case of running that script directly when needed. Either in some bin folder that is already in the PATH or even just in /captain/scripts or somewhere like that.

Apparently it's not possible to disable 2FA via the CLI (because the CLI talks to the server through the API which requires authentication, which in turn requires 2FA... so when 2FA is down, CLI authentication also fails)... but could the CLI command (e.g. caprover disable2fa) just be a shortcut to run the local script itself (rather than trying to talk to the server as such)?