2FA, No password, 2FA device, or bank account on file

I'm stuck trying to access my account. I let my password expire (or forgot it) and can't get past MFA (lost device, changed phone number, etc.). I don't have a bank account on file with the university, what can I do?

You can utilize self-service options if the following applies to you:

  • If you forgot your password but you do have access to a registered MFA device, you can reset your password here: NetID Center Reset Password.
  • If you know your password and have a recovery email on file, but do not have access to any of your MFA devices you can get a temporary passcode here: NetID Center Temporary Passcode.

However, please contact the Help Desk at 217-300-7140 to get a temporary passcode if the following applies to you:

  • If you know your password, but you do not have a recovery email on file and you do not have access to any of your MFA devices.
  • If you forgot your password, you do not have a recovery email on file, and you do not have access to any of your MFA devices.
  • The passcode you receive (from the NetID Center or the Help Desk) is designed for short-term occasional or emergency use. Each passcode expires after 3 days or 100 uses, whichever comes first. You can request a temporary passcode a maximum of 24 times a year.
  • Make sure to update your registered MFA devices via the NetID Center or Duo Universal Prompt after receiving the passcode to avoid having to use bypass codes in the future.
When you have your temporary passcode, you can use it by following the instructions below.

If accessing Microsoft365 (Outlook, Word, Excel, etc.) or Shibboleth (Canvas, Box, Zoom, Moodle, etc.):

Select "Other options" at the Duo prompt, then click on "Bypass code" as shown in the screenshot below:

Screenshot showing where to click at the Duo prompt. Text for the button is bypass code.


If accessing AITS Applications (Banner, HR Reporting, My UI Info, NetID Center, Direct Deposit, etc.):

Select the "Use" drop down as shown in the screenshot below:

Use a temporary passcode


The 2FA/NetID Center infinite loop

One reason why some people are getting prompted for Duo authentication even though they haven't fully enrolled...

When someone goes to the NetID Center and clicks the button to set up 2FA, their Duo account gets created even if the user doesn’t complete enrollment by setting up any devices. This is known as a "stub account". Then when they go to a trusted site (like My UI Info), Duo logs the last login date. It's these two things -- a Duo stub account and a last login date -- that is enough for NetID Center to prompt for 2FA authentication even when the user has no devices added.

On 4/23/2020, they are going to add logic to the NetID Center to sense this condition and delete the user's Duo account automatically on the backend. The NetID Center will allow the user in without 2FA and they will have the chance to restart the enrollment process. This is good news and hopefully cuts down our tickets.

Keywords:catch 22 bypass token phone passcode temp temporary recovery recover stub paystub duo   Doc ID:97273
Owner:ID M.Group:University of Illinois Technology Services
Created:2020-01-23 10:28 CSTUpdated:2022-09-22 08:50 CST
Sites:University of Illinois System, University of Illinois Technology Services
Feedback:  1   8