Multi-Factor Authentication (MFA), Troubleshooting

This article can help with common issues users may encounter when trying to use multi-factor authentication (MFA).

Requesting a Temporary Passcode

Should you lose, misplace, or forget your MFA device and cannot authenticate, you can request a temporary passcode. These can also be requested if you are going to a testing center and will not have access to your device.

  • Passcodes are good for 3 days or 100 uses, whichever comes first. You can request 24 passcodes per year, so these should not be relied upon as a primary authentication method.

The instructions below assume that you know your password. If you do not know your password, please contact your Help Desk.

You need to request a Passcode in advance (i.e. you currently have your device)

  1. Visit the NetID Center.
  2. Select Temporary Passcode at the bottom of the page.

    temporary passcode

  3. Click "Yes, I have my device".
  4. Authenticate like normal using the device.
  5. Your passcode will then be displayed along with the expiration date.

    Temporary Passcode

You do not have your device and need a passcode now

  1. Visit the NetID Center.
  2. Select Temporary passcode at the bottom of the page.

    temporary passcode

  3. Click "No, I don't have my device".
  4. Authenticate using your password.
  5. An email with a passcode will be sent to your password recovery email. The email will be from noreply@uillinois.edu and subject will be UI Verify Temporary Passcode.

    emailed code

    If you do not have recovery options set up or cannot access your recovery options, you will need to call your University Service Desk to get a temporary passcode.

    Once you receive a temporary passcode, please visit https://identity.uillinois.edu to set up your recovery email under the Recovery Settings.

    For instructions on setting up recovery options, see NetID Center, Set and modify your recovery options.

How to use a temporary passcode

Duo Universal Prompt (Microsoft365 (Outlook, Word, Excel, etc.), Shibboleth (Canvas, Box, Zoom, Moodle, etc.), or the NetID Center):

  1. Go to the application you are trying to access that requires MFA and login with your NetID and password.
  2. Select the Bypass code option.
  3. Enter the code and click Verify.

Screenshot highlighting the bypass code option at the Duo Universal Prompt 

AITS Duo Prompt (some AITS Applications such as Banner, HR Reporting, My UI Info, Direct Deposit, etc.):

  1. Go to the application you are trying to access that requires MFA.
  2. Select Temporary Passcode from the drop down
  3. Enter the passcode and click Enter.

  screenshot showing temp passcode option at duo custom iframe

Cancel Temporary Passcode:

If you no longer need to use the temporary passcode you requested, you can cancel it for security.

  1. Visit the NetID Center at https://identity.uillinois.edu, select Manage my 2FA under 2-Factor Authentication
  2. Under My Devices & Settings select the next to Temporary Passcode and then the trash can to delete/expire the code.

expire code

Other Topics

Duo Remembered Devices Feature not working

If you choose for Duo to remember you or trust your browser, a trusted session will be created for 24 hours between you, your browser, and the endpoint you are logging into. This involves using a browser cookie. If you have restrictive cookie settings in your browser, you may run into issues utilizing this feature. This Duo documentation page has more details: https://help.duo.com/s/article/2189?language=en_US.

  • Remember: Do not trust the browser when using a public or shared computer! This could leave your Duo session available to other users. Trust the browser only when you access applications from your own computer.

If the above didn't work, try the following troubleshooting steps:

If these steps do not solve the issue, please send the following information to your campus Help Desk:

  • Operating System (Android, iOS, Windows, Mac etc.).

  • What browser you use (Chrome, Firefox, Safari, etc.).

  • The last site where you experienced this problem (Canvas, Outlook, etc.).

  • Any browser plugins/extensions you have.

  • If you are using the VPN and which campus (UIC, UIS, UIUC, AITS).

I don't have internet access (no mobile phone connectivity)

There are several options for authenticating when your smartphone does not have a network connection. The following options are perfect for traveling when you may not have internet access on your mobile phone, or if you do not have access to your typical device.

  1. The Duo Mobile app for smartphones allows you to generate a passcode to login, even if your phone is not connected to the internet. This is a free and easy way to authenticate wherever you are regardless of network connection. Instructions on using this method can be found here: Multi-Factor Authentication (MFA), Device Management.
  2. Hardware tokens work without an internet connection. This means you can use them anywhere in the world to log into your account. More information can be found here: Multi-Factor Authentication (MFA), Hardware Tokens and Security Keys.
  3. As mentioned at the top of the article, you can get a temporary bypass code here.The bypass code will last for 3 days and can be used 100 times. You can request a temporary passcode a maximum of 24 times a year.

Notifications from Duo When Adding/Removing Devices

To help protect your Duo account from unauthorized activity, you will receive a Duo push and an email notification when you add or remove an authentication device in Duo.

More information available here.

Duo prompt display issues

Please see this article for assistance: Multi-Factor Authentication (MFA), Duo Prompt Display Issues.

Duo says my account has been locked out

You will see one of two error messages:

  • "Account disabled. Your Duo account is disabled and cannot access this application. Please contact your IT help desk."
  • "Your account has been locked out due to excessive authentication failures. Please contact your administrator."

This is triggered after 10 failed login attempts. You will need to wait 5 minutes after the last attempt before trying again. If you need assistance with managing your devices, please see this article: Multi-Factor Authentication (MFA), Device Management.

I would like to do MFA with Microsoft instead of Duo

Microsoft Authenticator - The Microsoft Authenticator app is available on iOS and iPadOS (15.0 or later) as well as Android (8.0 and later). Use the following link to install, make sure to pick your device listed (initially it gives you the iOS, you can select Android if you have an Android device.) MFA Setup Link

See Also


Keywords:
2FA, 2-factor authentication, Two-factor authentication, Duo, Duo Security, Verify, UI Verify, enrollment, multi-factor, multifactor, security, AITS, temporary, passcode, bypass code, mfa, request, enterprise id, remember me, bank account, uin, last 4, lost phone, phone number 
Doc ID:
85687
Owned by:
Identity and Access Management G. in University of Illinois Technology Services
Created:
2018-09-17
Updated:
2025-05-28
Sites:
University of Illinois Technology Services
Clean URL:
https://answers.uillinois.edu/illinois/request-temporary-passcode