Topics Map > Account Management > 2FA/Duo

Multi-Factor Authentication (MFA), Troubleshooting

This article can help with common issues users may encounter when trying to use multi-factor authentication (MFA).

Requesting a Temporary Passcode

Should you lose, misplace, or forget your MFA device and cannot authenticate, you can request a temporary passcode. These can also be requested if you are going to a testing center and will not have access to your device.

  • Passcodes are good for 3 days or 100 uses, whichever comes first. You can request 24 passcodes per year, so these should not be relied upon as a primary authentication method.

You need to request a passcode in advance (i.e. you currently have your device)

  1. Visit the NetID Center.
  2. Select Temporary passcode at the bottom of the page.

    temporary passcode

  3. Click "Yes, I have my device".
  4. Authenticate like normal using the device.
  5. Your passcode will then be displayed along with the expiration date.

    Temporary Passcode

You do not have your device and need a passcode now

  1. Visit the NetID Center.
  2. Select Temporary passcode at the bottom of the page.

    temporary passcode

  3. Click "No, I don't have my device".
  4. An email with a passcode will be sent to your password recovery email. The email will be from and subject will be UI Verify Temporary Passcode.

    emailed code

    If you do not have recovery options set up or cannot access your recovery options, you will need to call your University Service Desk to get a temporary passcode.

    Once you receive a temporary passcode, please visit to set up your recovery email under the Recovery Settings.

    For instructions on setting up recovery options, see NetID Center, Set and modify your recovery options.

How to use a temporary passcode

Duo Universal Prompt (Microsoft365 (Outlook, Word, Excel, etc.), Shibboleth (Canvas, Box, Zoom, Moodle, etc.), or the NetID Center):

  1. Go to the application you are trying to access that requires MFA and login with your NetID and password.
  2. Select the Bypass code option.
  3. Enter the code and click Verify.

Screenshot highlighting the bypass code option at the Duo Universal Prompt 

AITS Duo Prompt (some AITS Applications such as Banner, HR Reporting, My UI Info, Direct Deposit, etc.):

  1. Go to the application you are trying to access that requires MFA.
  2. Select Temporary Passcode from the drop down
  3. Enter the passcode and click Enter.

  screenshot showing temp passcode option at duo custom iframe

Cancel Temporary Passcode:

If you no longer need to use the temporary passcode you requested, you can cancel it for security.

  1. Visit the NetID Center at, select Manage my 2FA under 2-Factor Authentication
  2. Under My Devices & Settings select the + next to Temporary Passcode and then the trash can to delete/expire the code.

expire code

Other Topics

Duo Remembered Devices Feature not working

If you choose for Duo to remember you or trust your browser, a trusted session will be created for 24 hours between you, your browser, and the endpoint you are logging into. This involves using a browser cookie. If you have restrictive cookie settings in your browser, you may run into issues utilizing this feature. This Duo documentation page has more details:

  • Remember: Do not trust the browser when using a public or shared computer! This could leave your Duo session available to other users. Trust the browser only when you access applications from your own computer.

If the above didn't work, try the following troubleshooting steps:

If these steps do not solve the issue, please send the following information to your campus Help Desk:

  • Operating System (Android, iOS, Windows, Mac etc.).

  • What browser you use (Chrome, Firefox, Safari, etc.).

  • The last site where you experienced this problem (Canvas, Outlook, etc.).

  • Any browser plugins/extensions you have.

  • If you are using the VPN and which campus (UIC, UIS, UIUC, AITS).

I don't have internet access (no mobile phone connectivity)

There are a couple options for authenticating when your smartphone does not have a network connection. The following options are perfect for traveling when you may not have internet access on your mobile phone, or if you do not have access to your typical device.

  1. The Duo Mobile app for smartphones allows you to generate a passcode to login, even if your phone is not connected to the internet. This is a free and easy way to authenticate wherever you are regardless of network connection. Instructions on using this method can be found here: Multi-Factor Authentication (MFA), Device Management.
  2. Hardware tokens work without an internet connection. This means you can use them anywhere in the world to log into your account. More information can be found here: Multi-Factor Authentication (MFA), Hardware Tokens and Security Keys.

Duo prompt display issues

Please see this article for assistance: Multi-Factor Authentication (MFA), Duo Prompt Display Issues.

Duo says my account has been locked out

You will see one of two error messages:

  • "Account disabled. Your Duo account is disabled and cannot access this application. Please contact your IT help desk."
  • "Your account has been locked out due to excessive authentication failures. Please contact your administrator."

This is triggered after 10 failed login attempts. You will need to wait 5 minutes after the last attempt before trying again. If you need assistance with managing your devices, please see this article: Multi-Factor Authentication (MFA), Device Management.


Keywords2FA, 2-factor authentication, Two-factor authentication, Duo, Duo Security, Verify, UI Verify, enrollment, multi-factor, multifactor, security, AITS, temporary, passcode, bypass code, mfa, request, enterprise id, remember me, bank account, uin, last 4, lost phone   Doc ID85687
OwnerID M.GroupUniversity of Illinois Technology Services
Created2018-09-17 13:47:08Updated2023-11-13 16:18:20
SitesUniversity of Illinois System, University of Illinois Technology Services
Feedback  1   17