Skip to main content

I Can't Log In Using Two-Step Login

Common troubleshooting tips for Two-Step Login problems, including a disabled account, time away from the university, blocked connections to Duo Security, and conflicts with Dragon NaturallySpeaking.

This article applies to: Two-Step Login


Your Account Is Disabled

You see the following message when you try to use Two-Step Login:

 " Your two-factor account is disabled.  Contact an administrator for assistance."

What to Do

  1. Contact the IT Service Desk and ask to have your account released.
     

    You will not be able to log in using Two-Step Login until you contact the IT Service Desk and arrange for access to your account. To verify your identity, make sure you have one of the following:

  • Your ID and can visit the Service Desk in person
  • Access to a computer that can support a Zoom session
  • Access to the phone you have listed in the Cornell Directory
  1. Immediately enroll a device in Two-Step Login.
Once your account has been released, you must enroll a device in Two-Step Login otherwise your payroll and tax documents will be vulnerable to hackers.

Cornell asks that all employees, including student employees, have a Two-Step Login account.  Two-Step Login protects your sensitive employment information in Workday.  The second step of logging in is needed before your tax documents or where your paycheck is deposited can be viewed or changed.  Attackers seek out this type of information so they can steal money from you.

This security measure is not fully effective until you have opened an account and enrolled one or more devices.  If you are a Cornell employee who has not yet done this, access to Two-Step Login will be blocked, for your own protection, until you contact the IT Service Desk.

For more information and instructions, read about Two-Step Login.

If you have questions about enrolling devices or using Two-Step Login, contact the IT Service Desk.

You Were Away from the University for Some Period of Time

When you are no longer associated with Cornell, your Two-Step Login account will be deleted.  When this happens, you will need to open a fresh account and enroll one or more devices before you can access services that require Two-Step Login.

To Check Your Account

  1. Go to Manage Your Two-Step Login.
  2. Log in with your NetID and password.
  3. If there are any devices listed on the Your Two-Step Login Devices tab, your account is still active.  Otherwise, a new account will be initialized and you will be prompted to start enrolling devices.

Connections to Duo Security are Blocked

Two-Step Login is a cloud-based service. Your computer needs to be able to connect to Duo Security’s servers at *.duosecurity.com.

  • The wired or WiFi network you are working on may be blocking connections to external sites.
  • Your web browser might need to explicitly configured to allow access to Duo’s servers.
  • If you are authenticating to an application that runs on a terminal server, the server’s administrator may need to open up access to Duo Security.

You Use Ad Blockers

Some ad blocker apps and extensions interfere with Two-Step Login.

Android

  1. Open the Chrome app.
  2. At the top right, tap More (three-dots icon).
  3. Tap Site settings.
  4. Next to Ads, if the setting reads Blocked on some sites, tap Ads to open the settings.
  5. Tap the slider. The slider will turn blue and the caption should now read Allowed.
  6. Close the settings screen by clicking the back arrows at top left until you see the Duo webpage.
  7. Reload the page or retry your login to generate a new authentication request.

Chrome

  1. Click More (three dots icon at top right), then click Settings.
  2. Click Privacy and security.
  3. Click Site Settings.
  4. Under Additional content settings, click Ads.
  5. Click All sites can show any ads to you.

iPhone

Typically, ad blocking on iPhones is controlled by a third-party application like Adblock Plus. To change settings:

  1. On your iPhone, Tap the Settings icon.
  2. Type Safari in the search bar, then tap Safari.
  3. Under General, tap Content Blockers.
  4. In the list of content blocking apps, turn off Adblock Plus by clicking the slider so that it turns gray.

Content Filtering or Restrictions are Turned On

Mobile device or browser content filtering can sometimes interfere with the Duo app's authentication process. If you think this might be the case, try the steps below outlined for your device or browser.

iPhones

  1. On your iPhone, go to Settings, then tap Screen Time.
  2. Tap Content & Privacy Restrictions, then enter your Screen Time passcode, if required.
  3. Tap Content Restrictions.
  4. Tap Web Content.
  5. Choose Unrestricted Access, Limit Adult Websites, or Allowed Websites Only.

Android phones

  1. On your Android phone or tablet, open the Google app .
  2. At the top right, tap your Profile picture or initial and then Settings and then Hide explicit results.
  3. Turn Explicit results filter on or off.
    • To turn off SafeSearch, turn off Explicit results filter.
    • If you find a Lock icon at the top right, your SafeSearch setting is locked by someone who manages your account. The settings page provides info about who manages your SafeSearch setting.

Chrome

  1. Open Chrome, then go to Settings.
  2. Under Privacy and Security, choose which settings to turn off. To control how Chrome handles content and permissions for a site, click Site Settings.

Turn off Parental Controls

iPhone

  1. Tap Settings, then tap Screen Time.
  2. Tap Content & Privacy Restrictions.
  3. Toggle the Content & Privacy Restrictions slider to off/white to turn off Parental Controls.

Android

  1. Tap Manage settings.
  2. Tap Controls on Google Play.
  3. This menu will let you edit your parental controls.

If You Use Dragon NaturallySpeaking Speech Recognition Software

The browser plug-in for Nuance's Dragon Naturally Speaking blocks the Two-Step Login authentication prompt.  You will need to uninstall or disable the plug-in.

Restarting the Duo Mobile App

Occasionally the Duo mobile app will not be able to create a notification. If you open the app manually, you will be able to approve or deny the pending authentication request. If this happens more frequently, try restarting the app.

Was this page helpful?

Your feedback helps improve the site.

Comments?