How can I troubleshoot MFA / 2FA problems?

Overview

This article can assist with common issues individuals may encounter when trying to use multi-factor authentication (MFA).

Table of Contents

Duo Account Disabled or Locked Out

You will see one of two error messages:

  1. "Account disabled. Your Duo account is disabled and cannot access this application. Please contact your IT help desk."
    - or -
  2. "Your account has been locked out due to excessive authentication failures. Please contact your administrator."

This is triggered after 10 failed login attempts. You will need to wait 5 minutes after the last attempt before trying again. If you need assistance with managing your devices, please see this article: how do I manage my MFA / 2FA devices?

Duo Prompt Display Issues

Some privacy and security features, especially on Apple devices, prevent the Duo Universal 2-factor prompt from working correctly. For example, a blank screen appears after the password is accepted, but the prompt to text or notify doesn't appear.

Ad Blockers

Some ad blockers can interfere with the Duo prompt. Disable your ad blocker and try again. If the Duo prompt displays correctly after that, you can leave the ad blocker disabled or try to adjust your ad blocker settings to get it working alongside Duo.

OS Specific Issues

iOS and iPadOS

  • Make sure JavaScript is enabled in Settings > Safari > Advanced > JavaScript (turn this on).
  • Allow cookies with the switch in Settings > Safari > Privacy & Security heading, Block All Cookies (turn this off).
  • Check Content Restrictions in Settings > Screen Time > Content & Privacy Restrictions > Content Restrictions > Web Content.
    • If you'd like to keep using this feature, add both verify.uillinois.edu and duosecurity.com as Allowed Websites.
    • Otherwise, change this setting to Unrestricted.

Duo Security, the vendor the University uses for this service, describes this issue in some more detail on their website here:

macOS

  • Check Content Restrictions in System Preferences > Screen Time > Content & Privacy > Content heading.
    • If you'd like to keep using this feature, add both verify.uillinois.edu and duosecurity.com as Allowed Websites.
    • Otherwise, change the Web Content setting to Unrestricted Access.

Duo Security, the vendor the University uses for this service, describes this issue in some more detail on their website. Visit how do I resolve Duo Prompt display issues related to iOS or macOS content restrictions?.

Troubleshooting Tips

The following steps may help isolate the cause of the issue:

  • Browser-related
    • Make sure your browser is up to date by checking for and applying updates.
      • Supported browsers and versions can be found here.
    • Try using your browser in 'Guest' mode. This can help determine if there is a browser setting or add-on that is interfering with Duo.
    • Try using a new browser profile.
    • Use a different browser. If a different browser works, this will tell you that there is an issue with the configuration of the browser, or it is not supported.
  • OS-related
    • Make sure your OS is up to date by checking for and applying updates.
    • Issues related to iOS, iPadOS, and macOS are detailed above.
    • Try using a different device. This can help determine if there is a setting related to the device or OS that is interfering with Duo.
  • Connection-related
    • Not very common, but there have been some instances where there is an issue with the internet connection (router or ISP) that causes issues loading the Duo prompt. Usually DNS related. Try using a different connection to see if this could be the cause.
      • For example, if on a cell phone, use your cellular connection instead of Wi-Fi.
      • Or try connecting to a different Wi-Fi network.

If none of the above steps work, please reach out to Technology Solutions at it.uic.edu/report-a-problem.

Remembered Devices Feature Not Working

If you choose for Duo to remember you or trust your browser, a trusted session will be created for 24 hours between you, your browser, and the endpoint you are logging into. This involves using a browser cookie. If you have restrictive cookie settings in your browser, you may run into issues utilizing this feature. Go to can Duo's Remembered Devices feature work if third-party cookies are blocked? to learn more.

  • Remember: Do not trust the browser when using a public or shared computer! This could leave your Duo session available to other users. Trust the browser only when you access applications from your own computer.

If the above didn't work, try the following troubleshooting steps:

If these steps do not solve the issue, please send the following information to Technology Solutions at it.uic.edu/report-a-problem.

  • Operating System (Android, iOS, Windows, Mac etc.).
  • What browser you use (Chrome, Firefox, Safari, etc.).
  • The last site where you experienced this problem (Box, Outlook, etc.).
  • Any browser plugins/extensions you have.
  • If you are using the VPN.

No Internet Access

There are several options for authenticating when your smartphone does not have a network connection. The following options are perfect for traveling when you may not have internet access on your mobile phone, or if you do not have access to your typical device.

  1. The Duo Mobile app for smartphones allows you to generate a passcode to login, even if your phone is not connected to the internet. This is a free and easy way to authenticate wherever you are regardless of network connection. Instructions on using this method can be found here: How do I manage my MFA / 2FA devices?
  2. Hardware tokens work without an internet connection. This means you can use them anywhere in the world to log into your account. More information can be found here: What are MFA / 2FA Security Keys?
  3. You can get a temporary bypass code. The bypass code will last for 3 days and can be used 100 times. You can request a temporary pass code up to 24 times per year.

See Also

Manage MFA Print Article

Related Articles (7)

How can I enroll in MFA / 2FA?
Individuals can enroll in Duo MFA via the NetID Center. Otherwise, the first time you log into MFA-protected University website or service, you will be asked to enroll your account and set up a device.
How can I learn more about MFA / 2FA?
The University of Illinois uses a 2-Factor authentication (2FA) service provided by Duo Security, an industry leader in cyber security services. This will help secure your account and the University's sensitive data. The University of Illinois is committed to securing its institutional data and the personal information of everyone at the University.
How can I use MFA / 2FA without network access or while traveling internationally?
The default 2FA options can incur data charges for accessing the Duo Mobile application while you are outside of the USA. However, there are options to avoid this.
How do I generate and use MFA / 2FA temporary passcodes?
If you have lost, forgot, or can not access your 2FA device, you can request a temporary passcode. This passcode is good for 3 days and 100 uses. You can request 24 passcodes per calendar year. These can be requested if you are going to a testing center and will not have access to your 2FA device.
How do I manage my MFA / 2FA devices?
Step by Step guide on How to Manage your 2FA (2-factor authentication) Devices.
How do I use MFA / 2FA?
This article summarizes the different types of devices you can use to authenticate with our MFA (Multi-Factor Authentication) provider.
What are MFA / 2FA Security Keys?
Security keys are small, portable devices that you can use to log into Duo, the university's multi-factor authentication system. Most people are able to log into Duo using their personal cell phone with the Duo Mobile app. But if you cannot or do not want to use your personal device for 2FA, then a security key is recommended.

Related Services / Offerings (1)

Multi-Factor Authentication
Multi-Factor Authentication is a method of confirming your identity by utilizing something you know (password) AND something you have (a second factor).