diff --git a/cli/cmd/admin.go b/cli/cmd/admin.go
index fd22bc739..3a54b13ac 100644
--- a/cli/cmd/admin.go
+++ b/cli/cmd/admin.go
@@ -29,6 +29,9 @@ var _userDetailsCmd = &cobra.Command{
 				flags.UserEmail = f.Value.String()
 			}
 		})
+		if flags.UserEmail == "" {
+			return fmt.Errorf("user email is required")
+		}
 		return ctrl.GetUserId(context.Background(), *flags)
 	},
 }
@@ -47,8 +50,11 @@ var _disable2faCmd = &cobra.Command{
 				flags.UserEmail = f.Value.String()
 			}
 		})
-		fmt.Println("Not supported yet")
-		return nil
+		if flags.UserEmail == "" {
+			return fmt.Errorf("user email is required")
+		}
+		return ctrl.Disable2FA(context.Background(), *flags)
+
 	},
 }
 
@@ -86,6 +92,9 @@ var _updateFreeUserStorage = &cobra.Command{
 				noLimit = strings.ToLower(f.Value.String()) == "true"
 			}
 		})
+		if flags.UserEmail == "" {
+			return fmt.Errorf("user email is required")
+		}
 		return ctrl.UpdateFreeStorage(context.Background(), *flags, noLimit)
 	},
 }
diff --git a/cli/internal/api/admin.go b/cli/internal/api/admin.go
index 0f21e2d82..c2b948111 100644
--- a/cli/internal/api/admin.go
+++ b/cli/internal/api/admin.go
@@ -47,6 +47,29 @@ func (c *Client) ListUsers(ctx context.Context) ([]models.User, error) {
 	return res.Users, nil
 }
 
+func (c *Client) Disable2Fa(ctx context.Context, userID int64) error {
+	var res interface{}
+
+	payload := map[string]interface{}{
+		"userID": userID,
+	}
+	r, err := c.restClient.R().
+		SetContext(ctx).
+		SetResult(&res).
+		SetBody(payload).
+		Post("/admin/user/disable-2fa")
+	if err != nil {
+		return err
+	}
+	if r.IsError() {
+		return &ApiError{
+			StatusCode: r.StatusCode(),
+			Message:    r.String(),
+		}
+	}
+	return nil
+}
+
 func (c *Client) UpdateFreePlanSub(ctx context.Context, userDetails *models.UserDetails, storageInBytes int64, expiryTimeInMicro int64) error {
 	var res interface{}
 	if userDetails.Subscription.ProductID != "free" {
diff --git a/cli/pkg/admin_actions.go b/cli/pkg/admin_actions.go
index 7b9927c6a..a7a060f66 100644
--- a/cli/pkg/admin_actions.go
+++ b/cli/pkg/admin_actions.go
@@ -33,7 +33,7 @@ func (c *ClICtrl) ListUsers(ctx context.Context, params model.AdminActionForUser
 	users, err := c.Client.ListUsers(accountCtx)
 	if err != nil {
 		if apiErr, ok := err.(*api.ApiError); ok && apiErr.StatusCode == 400 && strings.Contains(apiErr.Message, "Token is too old") {
-			fmt.Printf("Old admin token, please re-authenticate using `ente account add` \n")
+			fmt.Printf("Error: old admin token, please re-authenticate using `ente account add` \n")
 			return nil
 		}
 		return err
@@ -44,6 +44,27 @@ func (c *ClICtrl) ListUsers(ctx context.Context, params model.AdminActionForUser
 	return nil
 }
 
+func (c *ClICtrl) Disable2FA(ctx context.Context, params model.AdminActionForUser) error {
+	accountCtx, err := c.buildAdminContext(ctx, params.AdminEmail)
+	if err != nil {
+		return err
+	}
+	userDetails, err := c.Client.GetUserIdFromEmail(accountCtx, params.UserEmail)
+	if err != nil {
+		return err
+	}
+	err = c.Client.Disable2Fa(accountCtx, userDetails.User.ID)
+	if err != nil {
+		if apiErr, ok := err.(*api.ApiError); ok && apiErr.StatusCode == 400 && strings.Contains(apiErr.Message, "Token is too old") {
+			fmt.Printf("Error: Old admin token, please re-authenticate using `ente account add` \n")
+			return nil
+		}
+		return err
+	}
+	fmt.Println("Successfully disabled 2FA for user")
+	return nil
+}
+
 func (c *ClICtrl) UpdateFreeStorage(ctx context.Context, params model.AdminActionForUser, noLimit bool) error {
 	accountCtx, err := c.buildAdminContext(ctx, params.AdminEmail)
 	if err != nil {