Multi-Factor Authentication (MFA), Troubleshooting
Attention: The phone call option for performing multi-factor authentication will be disabled on June 12. If you currently use this, please select an alternative authentication option, as mentioned in this KB.
This article can help with common issues users may encounter when trying to use multi-factor authentication (MFA).
Requesting a Temporary Passcode
Should you lose, misplace, or forget your MFA device and cannot authenticate, you can request a temporary passcode. These can also be requested if you are going to a testing center and will not have access to your device.
- Passcodes are good for 3 days or 100 uses, whichever comes first. You can request 24 passcodes per year, so these should not be relied upon as a primary authentication method.
You need to request a passcode in advance (i.e. you currently have your device)
- Visit the NetID Center.
- Select Temporary passcode at the bottom of the page.
- Click "Yes, I have my device".
- Authenticate like normal using the device.
- Your passcode will then be displayed along with the expiration date.
You do not have your device and need a passcode now
- Visit the NetID Center.
- Select Temporary passcode at the bottom of the page.
- Click "No, I don't have my device".
- An email with a passcode will be sent to your password recovery email. The email will be from noreply@uillinois.edu and subject will be UI Verify Temporary Passcode.
If you do not have recovery options set up or cannot access your recovery options, you will need to call your University Service Desk to get a temporary passcode.
Once you receive a temporary passcode, please visit https://identity.uillinois.edu to set up your recovery email under the Recovery Settings.
For instructions on setting up recovery options, see NetID Center, Set and modify your recovery options.
How to use a temporary passcode
Duo Universal Prompt (Office 365, Outlook, Canvas, Box, Zoom, Moodle, etc.):
- Go to the application you are trying to access that requires MFA and login with your NetID and password.
- Select the Bypass code option.
- Enter the code and click Verify.
AITS Duo Prompt (Banner, HR Reporting, My UI Info, NetID Center, Direct Deposit, etc.):
- Go to the application you are trying to access that requires MFA.
- Select Temporary Passcode from the drop down
- Enter the passcode and click Enter.
Cancel Temporary Passcode:
If you no longer need to use the temporary passcode you requested, you can cancel it for security.
- Visit https://identity.uillinois.edu select Manage my 2FA under 2-Factor Authentication
- Under My Devices & Settings select the + next to Temporary Passcode and then the trash can to delete/expire the code.
Other Troubleshooting Topics
Duo Remembered Devices Feature
Duo Remembered Devices Feature
Depending on which Duo Prompt you are seeing, the remembered devices feature will be referred to as one of the following:
- A prompt asking you 'Trust this browser?'
- A checkbox with the label 'Remember me for 24 hours'
Do not trust the browser when using a public or shared computer! This could leave your Duo session available to other users. Trust the browser only when you access applications from your own computer.
If accessing Microsoft365 (Outlook, Word, Excel, etc.) or Shibboleth (Canvas, Box, Zoom, Moodle, etc.):
If you're authenticating with MFA for the first time in your browser, you will see the below screen after you authenticate:
Once the trusted session cookie expires (after 24 hours), you will see the below screen when authenticating. The remembered devices feature is enabled by default, but you can uncheck the checkbox shown below to disable it if desired:
If accessing AITS Applications (Banner, HR Reporting, My UI Info, NetID Center, Direct Deposit, etc.):
The remembered devices feature is enabled by default, but you can uncheck the checkbox shown below to disable it if desired:
I don't have internet access (no mobile phone connectivity)
There are a couple options for authenticating when your smartphone does not have a network connection. The following options are perfect for traveling when you may not have internet access on your mobile phone, or if you do not have access to your typical device.
- Hardware tokens work without an internet connection. This means you can use them anywhere in the world to log into your account. More information can be found here: Multi-Factor Authentication (MFA), Hardware Tokens and Security Keys.
- The Duo Mobile app for smartphones allows you to generate a passcode to login, even if your phone is not connected to the internet. This is a free and easy way to authenticate wherever you are regardless of network connection. Instructions on using this method can be found here: Multi-Factor Authentication (MFA), Device Management.
Duo prompt display issues
Please see this article for assistance: Multi-Factor Authentication (MFA), Duo Prompt Display Issues.
Duo says my account has been locked out
You will see one of two error messages:
- "Account disabled. Your Duo account is disabled and cannot access this application. Please contact your IT help desk."
- "Your account has been locked out due to excessive authentication failures. Please contact your administrator."
This is triggered after 10 failed login attempts. You will need to wait 5 minutes after the last attempt before trying again. If you need assistance with managing your devices, please see this article: Multi-Factor Authentication (MFA), Device Management.