Skip to main content

I Can't Log In Using Two-Step Login

Common troubleshooting tips for Two-Step Login problems, including a disabled account, time away from the university, blocked connections to Duo Security, and conflicts with Dragon NaturallySpeaking.

This article applies to: Two-Step Login


Your Account Is Disabled

You see the following message when you try to use Two-Step Login:

 " Your two-factor account is disabled.  Contact an administrator for assistance."

What to Do

  1. Contact the IT Service Desk and ask to have your account released.
     

    You will not be able to log in using Two-Step Login until you contact the IT Service Desk and arrange for access to your account. To verify your identity, make sure you have one of the following:

  • Your ID and can visit the Service Desk in person
  • Access to a computer that can support a Zoom session
  • Access to the phone you have listed in the Cornell Directory
  1. Immediately enroll a device in Two-Step Login.
Once your account has been released, you must enroll a device in Two-Step Login otherwise your payroll and tax documents will be vulnerable to hackers.

Cornell asks that all employees, including student employees, have a Two-Step Login account.  Two-Step Login protects your sensitive employment information in Workday.  The second step of logging in is needed before your tax documents or where your paycheck is deposited can be viewed or changed.  Attackers seek out this type of information so they can steal money from you.

This security measure is not fully effective until you have opened an account and enrolled one or more devices.  If you are a Cornell employee who has not yet done this, access to Two-Step Login will be blocked, for your own protection, until you contact the IT Service Desk.

For more information and instructions, read about Two-Step Login.

If you have questions about enrolling devices or using Two-Step Login, contact the IT Service Desk.

    You Were Away from the University for Some Period of Time

    When you are no longer associated with Cornell, your Two-Step Login account will be deleted.  When this happens, you will need to open a fresh account and enroll one or more devices before you can access services that require Two-Step Login.

    To Check Your Account

    1. Go to Manage Your Two-Step Login.
    2. Log in with your NetID and password.
    3. If there are any devices listed on the Your Two-Step Login Devices tab, your account is still active.  Otherwise, a new account will be initialized and you will be prompted to start enrolling devices.

    Connections to Duo Security are Blocked

    Two-Step Login is a cloud-based service. Your computer needs to be able to connect to Duo Security’s servers at *.duosecurity.com.

    • The wired or WiFi network you are working on may be blocking connections to external sites.
    • Your web browser might need to explicitly configured to allow access to Duo’s servers.
    • If you are authenticating to an application that runs on a terminal server, the server’s administrator may need to open up access to Duo Security.

    You Use Dragon NaturallySpeaking Speech Recognition Software

    The browser plug-in for Nuance's Dragon Naturally Speaking blocks the Two-Step Login authentication prompt.  You will need to uninstall or disable the plug-in.

    Was this page helpful?

    Your feedback helps improve the site.

    Comments?