For a user that need to change device after pairing or mistakenly delete the record in Google Authenticator app, they need to contact administrator for reset. For companies that making use of Google Authenticator for 2FA like Gmail itself or Nintendo, they avoid Admin intervention by providing backup/emergency code in the pairing process. They will generate 10 emergency codes (only able to use once for each code). User need to write down the codes and keep it secretly. In case they really need to login (without the google authenticator), they can input the emergency code to login and reset the pairing. It would be great if Parallels considers it.