diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index 2cd0a6f5..8ca8588a 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -205,8 +205,14 @@ class UserController < ApplicationController
   def destroy_2fa
     current_user.otp_module = :disabled
     current_user.save!
-    TotpRecoveryCode.where(user_id: resource.id).delete_all
+    TotpRecoveryCode.where(user_id: current_user.id).delete_all
     flash[:success] = 'Two factor authentication has been disabled for your account.'
     redirect_to edit_user_security_path
   end
+
+  def reset_user_recovery_codes
+    TotpRecoveryCode.where(user_id: current_user.id).delete_all
+    @recovery_keys = TotpRecoveryCode.create!(Array.new(10) { {user: current_user, code: SecureRandom.base58(8).downcase} })
+    render 'settings/security/recovery_keys'
+  end
 end
diff --git a/app/views/settings/security/_totp_enabled.haml b/app/views/settings/security/_totp_enabled.haml
index 0ed03a30..ac45ab59 100644
--- a/app/views/settings/security/_totp_enabled.haml
+++ b/app/views/settings/security/_totp_enabled.haml
@@ -1,5 +1,6 @@
 %p Your account is set up to require the use of a one-time password in order to log in.
 %p You currently have #{@recovery_code_count} unused recovery codes.
-= link_to t('views.actions.remove'), destroy_user_2fa_path, class: 'btn btn-primary', method: 'delete',
+= link_to t('views.actions.remove'), destroy_user_2fa_path, class: 'btn btn-danger', method: 'delete',
           data: { confirm: t('views.settings.security.2fa.detach_confirm') }
-D
\ No newline at end of file
+= link_to "Re-generate recovery codes", reset_user_recovery_codes_path, class: 'btn btn-primary', method: 'delete',
+          data: { confirm: "Are you sure? This will disable your previous set of recovery codes." }
\ No newline at end of file
diff --git a/config/routes.rb b/config/routes.rb
index 757b520c..dc67cee9 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -70,6 +70,7 @@ Rails.application.routes.draw do
   match '/settings/security', to: 'user#edit_security', via: :get, as: :edit_user_security
   match '/settings/security/2fa', to: 'user#update_2fa', via: :patch, as: :update_user_2fa
   match '/settings/security/2fa', to: 'user#destroy_2fa', via: :delete, as: :destroy_user_2fa
+  match '/settings/security/recovery', to: 'user#reset_user_recovery_codes', via: :delete, as: :reset_user_recovery_codes
 
   # resources :services, only: [:index, :destroy]
   match '/settings/services', to: 'services#index', via: 'get', as: :services