diff --git a/app/controllers/profile_controller.rb b/app/controllers/profile_controller.rb index d1503150..5839fda5 100755 --- a/app/controllers/profile_controller.rb +++ b/app/controllers/profile_controller.rb @@ -7,7 +7,7 @@ class ProfileController < ApplicationController prepend_before_filter :setup_user if Rails.env.development? def regen_auth - current_user.generate_two_factor_auth + current_user.generate_two_factor_auth(true) redirect_to profile_path end diff --git a/app/models/user.rb b/app/models/user.rb index a5798cf0..4a504e7c 100755 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -32,11 +32,11 @@ def initialise_host_and_group groups << Group.find_or_initialize_by(name: user_login_id) end - def generate_two_factor_auth - if persisted? + def generate_two_factor_auth(force_create = false) + if persisted? && (force_create || (!force_create && auth_key.blank?)) self.auth_key = ROTP::Base32.random_base32 totp = ROTP::TOTP.new(auth_key) - self.provisioning_uri = totp.provisioning_uri "GoJek-C #{name}" + self.provisioning_uri = totp.provisioning_uri "GoJek-C #{email}" save! end end diff --git a/spec/controllers/profile_controller_spec.rb b/spec/controllers/profile_controller_spec.rb deleted file mode 100644 index 644953d2..00000000 --- a/spec/controllers/profile_controller_spec.rb +++ /dev/null 
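Review bot: `regen_auth` now force-rotates the signed-in user's TOTP secret with no re-authentication and, judging by `get :regen_auth` in the removed spec and `visit regenerate_authentication_path` in the new feature spec, over a GET request, which Rails' forgery protection does not verify; the route definition itself is outside this diff. A cross-site link or image load could therefore invalidate the victim's authenticator, and a hijacked session could enrol a fresh one without ever proving the first factor. I'd route this as `post` or `delete` and have the action verify the current password or a valid current OTP before calling `current_user.generate_two_factor_auth(true)`. Separately, a bare `true` at the call site says nothing about what it forces; a keyword such as `force: true` would read better if the model method is changed to match.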
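Review bot: The new guard `persisted? && (force_create || (!force_create && auth_key.blank?))` carries a redundant `!force_create &&` — if `force_create` were true the left disjunct would already have succeeded — so `if persisted? && (force_create || auth_key.blank?)` is equivalent and easier to read. A boolean positional with a default (`force_create = false`) is exactly the flag a keyword argument expresses better, e.g. `def generate_two_factor_auth(force: false)`, with the controller call updated in step. The method still returns `nil` on both paths, so callers cannot tell a rotation from a no-op; returning the result of the branch (truthy after `save!`, `nil` otherwise) would be cheap. The modified `provisioning_uri` line persists a URI that, in ROTP's otpauth format, embeds the secret alongside `auth_key`; that predates this change but deserves a comment such as `# NOTE: provisioning_uri embeds the TOTP secret — treat it as sensitive as auth_key`.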
@@ -1,29 +0,0 @@ -require 'rails_helper' - -RSpec.describe ProfileController, type: :controller do - - let(:user) { FactoryBot.create(:user, name: "foobar", admin: true, user_login_id: "foobar", email: "foobar@foobar.com") } - - context "mfa" do - it "should recreate auth" do - - #we should choose to stub the authentication with the method given here - #https://github.com/plataformatec/devise/wiki/How-To:-Stub-authentication-in-controller-specs - #but this requires to hand post create call in users and breaks some old tests. - #we need to fix those. - sign_in user - - auth_key = user.auth_key - get :regen_auth - - user.reload - - expect(response.status).to eq(302) - expect(auth_key).to_not eq(user.auth_key) - - end - end - - - -end diff --git a/spec/features/users/regenerate_auth_spec.rb b/spec/features/users/regenerate_auth_spec.rb new file mode 100644 index 00000000..81761840 --- /dev/null +++ b/spec/features/users/regenerate_auth_spec.rb @@ -0,0 +1,14 @@ +require 'rails_helper' +RSpec.feature 'Rengenerate Auth Token', type: :feature do + let(:user) { create(:user) } + let(:rotp_key) { ROTP::Base32.random_base32 } + before(:each) do + allow(ROTP::Base32).to receive(:random_base32).and_return(rotp_key) + end + scenario 'Create an organisation successfully' do + sign_in user + expect(user).to receive(:generate_two_factor_auth).with(true) + visit regenerate_authentication_path + expect(current_path).to eq(profile_path) + end +end diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index 65e4ad1e..4a7abee9 100755 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb 
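Review bot: The new scenario replaces the deleted controller spec's end-to-end check (old `auth_key` compared to the value after the request) with `expect(user).to receive(:generate_two_factor_auth).with(true)` on the `let` object, and whether `current_user` inside the controller is that same Ruby instance depends on how `sign_in` seeds Warden, so the example can pass or fail for reasons unrelated to the controller. The `before` stub of `random_base32` is unused once the method is mocked, and if the factory already generates a key under that stub a before/after comparison would be defeated by it; I'd drop the stub and assert the persisted effect instead. The scenario title `'Create an organisation successfully'` looks copy-pasted and `'Rengenerate'` is a typo.
```ruby
# … unchanged: let(:user) … (the before(:each) random_base32 stub is removed)
scenario 'rotates the TOTP secret and returns to the profile' do
  sign_in user
  old_key = user.auth_key
  visit regenerate_authentication_path
  expect(current_path).to eq(profile_path)
  expect(user.reload.auth_key).to be_present
  expect(user.auth_key).not_to eq(old_key)
end
```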
@@ -79,9 +79,12 @@ describe 'generate_two_factor_auth' do let(:rotp_key) { ROTP::Base32.random_base32 } + let(:new_rotp_key) { ROTP::Base32.random_base32 } - before(:each) do - allow(ROTP::Base32).to receive(:random_base32).and_return(rotp_key) + before(:each) do |ex| + unless ex.metadata[:skip_before] + allow(ROTP::Base32).to receive(:random_base32).and_return(rotp_key) + end end it 'shouldn\'t generate key if user is not created' do @@ -100,7 +103,31 @@ it 'should update provisioning url' do user = create(:user) user.generate_two_factor_auth - url = ROTP::TOTP.new(rotp_key).provisioning_uri "GoJek-C #{user.name}" + url = ROTP::TOTP.new(rotp_key).provisioning_uri "GoJek-C #{user.email}" + expect(user.provisioning_uri).to eq(url) + end + + it 'shouldn\'t generate the token if it\'s already generated', skip_before: true do + user = create(:user) + allow(ROTP::Base32).to receive(:random_base32).and_return(new_rotp_key) + url = ROTP::TOTP.new(new_rotp_key).provisioning_uri "GoJek-C #{user.email}" + user.generate_two_factor_auth + allow(ROTP::Base32).to receive(:random_base32).and_return(rotp_key) + user.generate_two_factor_auth + user.reload + expect(user.auth_key).to eq(new_rotp_key) + expect(user.provisioning_uri).to eq(url) + end + + it 'should generate the token if its already generated and force_generate is true', + skip_before: true do + user = create(:user) + allow(ROTP::Base32).to receive(:random_base32).and_return(new_rotp_key) + url = ROTP::TOTP.new(new_rotp_key).provisioning_uri "GoJek-C #{user.email}" + user.generate_two_factor_auth true + allow(ROTP::Base32).to receive(:random_base32).and_return(rotp_key) + user.generate_two_factor_auth + expect(user.auth_key).to eq(rotp_key) expect(user.provisioning_uri).to eq(url) end end
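Review bot: Adding `let(:new_rotp_key) { ROTP::Base32.random_base32 }` beside the equally lazy `let(:rotp_key)` means that in the `skip_before: true` examples whichever of the two is referenced second is evaluated after `random_base32` has already been stubbed to return the first, so both lets hold the same string and the equality expectations downstream cannot distinguish a rotation from a no-op. Pin them to distinct Base32 literals, `let(:rotp_key) { 'JBSWY3DPEHPK3PXP' }` and `let(:new_rotp_key) { 'GEZDGNBVGY3TQOJQ' }`, or make both `let!` so they are computed before any stub is installed. The `before(:each) do |ex|` metadata switch is reasonable but unexplained; a line such as `# examples tagged skip_before: true install their own random_base32 stubs` would help the next reader.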
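Review bot: The example titled 'should generate the token if its already generated and force_generate is true' calls `generate_two_factor_auth true` first and the unforced variant second, so its final assertions exercise the unforced no-op path rather than a forced overwrite, and `expect(user.auth_key).to eq(rotp_key)` only holds because the lazily evaluated `rotp_key` is computed while `random_base32` is stubbed to `new_rotp_key` and therefore equals it. Generate without force first, then with force, and assert the key actually changed, reloading as the sibling example does; the title also says `force_generate` while the parameter is `force_create`. Evaluating both lets before installing any stub keeps the keys distinct regardless of how they are defined.
```ruby
it 'regenerates the token when one already exists and force_create is true', skip_before: true do
  user = create(:user)
  first_key, second_key = rotp_key, new_rotp_key # force both lazy lets before any stub
  allow(ROTP::Base32).to receive(:random_base32).and_return(first_key)
  user.generate_two_factor_auth
  allow(ROTP::Base32).to receive(:random_base32).and_return(second_key)
  user.generate_two_factor_auth true
  user.reload
  expect(user.auth_key).to eq(second_key)
  expect(user.provisioning_uri).to eq(ROTP::TOTP.new(second_key).provisioning_uri("GoJek-C #{user.email}"))
end
```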