Overview
MFA Lockout | Repeated Lockouts
Issue
Good afternoon SUNY Cobleskill faculty, staff, and students and welcome back
Information Security has compiled this Word document to assist SUNY Cobleskill students, faculty, and staff with issues that could arise when configuring Multi-Factor Authentication (MFA).
Short summary: Please prepare when you are getting a new phone or setting up MFA. If you only have one method to authenticate you could potentially lock yourself out of your account, see the link below on what MFA is, how to configure MFA, how to change your authentication methods, and how to configure the authenticator app.
https://cobleskill.teamdynamix.com/TDClient/277/Portal/Requests/ServiceDet?ID=3075
When first configuring MFA on your Cobleskill account, you will be prompted to configure the authenticator app. If successfully configured, please proceed to set up a second method to authenticate, which would be your phone number, and if possible, a third method. Establishing these alternate methods to authenticate prevents you from getting locked out should your primary method not operate as intended.
Please keep in mind the following when configuring your MFA
1. If you set up the authenticator app and it is your only method to authenticate, you WILL get locked out of your account if you:
- Get a completely different phone.
- Reset your phone.
- Delete the authenticator app.
- Wipe the authenticator app data.
How to work around this issue:
- If you have configured a second method to authenticate when you initially configured MFA on your account, you should still be able to authenticate using that second method.
- In order to utilize the authenticator app again, you will need to re-configure the app.
2. If you get a completely different phone AND a Phone number, you WILL be locked out of your account.
How to work around this issue:
- If possible, use a friend’s or parent’s number as an alternate method to authenticate before you change your phone and number ahead of time.
- The use of a third method to authenticate would prevent this issue.
- You will need to reconfigure the authenticator app as well as add your new number.
3. If your current method to authenticate is set to your parent’s number or a friend’s number:
How to work around this issue:
- You do not need to contact the Service Desk to change the authentication number.
- If you can get hold of the person to which the number is tied to, have them provide you with the code over the phone.
- Once you are able to get into your email, refer to the link at the beginning of this document on how to change your methods to authenticate.