add rake scripts instead of running the runner

Author: tds-1

self-hosted/configuration/multi-factor-authentication.mdx

@@ -120,16 +120,14 @@ If a user loses access to their authenticator:
 
 2. **Admin intervention** (if backup codes are also lost):
 ```bash
-# Disable MFA for a specific user
-rails runner "
-  user = User.find_by(email: 'user@example.com')
-  user.update!(
-    otp_required_for_login: false,
-    otp_secret: nil,
-    otp_backup_codes: nil
-  )
-  puts 'MFA disabled for ' + user.email
-"
+# Reset MFA for a specific user
+rake mfa:reset[user@example.com]
+
+# Generate new backup codes for a user
+rake mfa:generate_backup_codes[user@example.com]
+
+# Reset MFA for all users
+rake mfa:reset_all
 ```
 
 ## Security Best Practices
@@ -166,22 +164,6 @@ rails runner "
 If encryption keys are lost:
 1. All users will need to re-enable MFA
 2. Communicate the issue to users promptly
-3. Consider temporary alternative authentication methods
-
-### Rolling Back MFA
 
-To completely disable MFA for all users:
-
-```bash
-# Disable MFA for all users
-rails runner "
-  User.update_all(
-    otp_required_for_login: false,
-    otp_secret: nil,
-    otp_backup_codes: nil
-  )
-  puts 'MFA disabled for all users'
-"
-```
 
 *This guide applies to Chatwoot version 4.6 and above*