diff --git a/src/routes/users.js b/src/routes/users.js
index 898c9ba60..d56eedcff 100644
--- a/src/routes/users.js
+++ b/src/routes/users.js
@@ -151,16 +151,15 @@ async function createInvite(req, res, next) {
     next(new HttpSuccess(200, result));
 }
 
-function disableTwoFactorAuthentication(req, res, next) {
+async function disableTwoFactorAuthentication(req, res, next) {
     assert.strictEqual(typeof req.resource, 'object');
 
     if (users.compareRoles(req.user.role, req.resource.role) < 0) return next(new HttpError(403, `role '${req.resource.role}' is required but user has only '${req.user.role}'`));
 
-    users.disableTwoFactorAuthentication(req.resource.id, function (error, result) {
-        if (error) return next(BoxError.toHttpError(error));
+    const [error] = await safe(users.disableTwoFactorAuthentication(req.resource.id, auditSource.fromRequest(req)));
+    if (error) return next(BoxError.toHttpError(error));
 
-        next(new HttpSuccess(200, result));
-    });
+    next(new HttpSuccess(200, {}));
 }
 
 async function sendInvite(req, res, next) {