diff --git a/src/OrchardCore.Modules/OrchardCore.Users/Controllers/AuthenticatorAppController.cs b/src/OrchardCore.Modules/OrchardCore.Users/Controllers/AuthenticatorAppController.cs
index d5272dcfbc8..fe383e00be7 100644
--- a/src/OrchardCore.Modules/OrchardCore.Users/Controllers/AuthenticatorAppController.cs
+++ b/src/OrchardCore.Modules/OrchardCore.Users/Controllers/AuthenticatorAppController.cs
@@ -138,7 +138,7 @@ public async Task<IActionResult> ResetPost()
             return UserNotFound();
         }
 
-        return await RemoveTwoFactorProviderAync(user, async () =>
+        return await RemoveTwoFactorProviderAsync(user, async () =>
         {
             await UserManager.ResetAuthenticatorKeyAsync(user);
 
diff --git a/src/OrchardCore.Modules/OrchardCore.Users/Controllers/TwoFactorAuthenticationBaseController.cs b/src/OrchardCore.Modules/OrchardCore.Users/Controllers/TwoFactorAuthenticationBaseController.cs
index 60883652d3d..47cc3242384 100644
--- a/src/OrchardCore.Modules/OrchardCore.Users/Controllers/TwoFactorAuthenticationBaseController.cs
+++ b/src/OrchardCore.Modules/OrchardCore.Users/Controllers/TwoFactorAuthenticationBaseController.cs
@@ -73,7 +73,7 @@ await DistributedCache.SetAsync(key, data,
             });
     }
 
-    protected async Task<IActionResult> RemoveTwoFactorProviderAync(IUser user, Func<Task> onSuccessAsync)
+    protected async Task<IActionResult> RemoveTwoFactorProviderAsync(IUser user, Func<Task> onSuccessAsync)
     {
         var currentProviders = await GetTwoFactorProvidersAsync(user);
 
diff --git a/src/OrchardCore.Modules/OrchardCore.Users/Startup.cs b/src/OrchardCore.Modules/OrchardCore.Users/Startup.cs
index 566248d4c2e..466bc4db375 100644
--- a/src/OrchardCore.Modules/OrchardCore.Users/Startup.cs
+++ b/src/OrchardCore.Modules/OrchardCore.Users/Startup.cs
@@ -119,9 +119,10 @@ public override void ConfigureServices(IServiceCollection services)
             // Add ILookupNormalizer as Singleton because it is needed by UserIndexProvider
             services.TryAddSingleton<ILookupNormalizer, UpperInvariantLookupNormalizer>();
 
-            // Add the default token providers used to generate tokens for reset passwords, change email,
-            // and for two-factor authentication token generation.
-            services.AddIdentity<IUser, IRole>();
+            // Add the default token providers used to generate tokens for an admin to change user's password.
+            services.AddIdentity<IUser, IRole>()
+                .AddTokenProvider<DataProtectorTokenProvider<IUser>>(TokenOptions.DefaultProvider);
+
             services.AddTransient<IConfigureOptions<IdentityOptions>, IdentityOptionsConfigurations>();
             services.AddPhoneFormatValidator();
             // Configure the authentication options to use the application cookie scheme as the default sign-out handler.