[MFA Modernization Pilot] What to Do If You Lose Your Phone or Security Key (MFA)

⚠️ WARNING: This article is intended for participants in the MFA Modernization Pilot only. If you are not a pilot participant, the information in this article may not apply to you. Contact the IT Service Desk if you have questions about your current sign-in experience.

If you lose the device you use for multi-factor authentication (MFA), you may be unable to sign in to your UMS account. Follow the steps below based on which sign-in method you were using.

INFO: UMS IT highly recommends adding a backup sign-in method so you can still access your account if your primary device is unavailable. You can manage your sign-in methods at aka.ms/mysecurityinfo.

Instructions

I lost my phone (Microsoft Authenticator app)

If you have a backup sign-in method, follow the steps below.

  1. Go to aka.ms/mysecurityinfo
  2. Log in with your username and password
  3. When prompted for MFA, select "Sign in another way"
  4. Select your backup method and complete authentication
  5. Remove your old Microsoft Authenticator from your account
  6. Re-add the Authenticator app as a sign-in method

If you do not have a backup sign-in method, see I have no backup method below.

I lost access to a synced passkey

Synced passkeys are tied to an account, not a single device. If you sign back in to the service that stores your passkey, your passkey will be available again on your new device — no re-enrollment needed.

  • iCloud Keychain passkey: Sign in to iCloud on your iOS (iPhone/iPad) or macOS (Mac/Macbook/iMac) device.
  • Google Password Manager passkey: Sign in to your Google account on your Android device or in your Chrome browser.
  • Password manager passkey (e.g., Bitwarden, 1Password): Sign in to your password manager app on your new device.

I lost a device-bound passkey

Device-bound passkeys are stored on a specific device and cannot be recovered if that device is lost. If you have a backup sign-in method, follow the steps below.

  1. Go to aka.ms/mysecurityinfo
  2. Log in with your username and password
  3. When prompted for MFA, select "Sign in another way"
  4. Select your backup method and complete authentication
  5. Remove your old passkey from your account
  6. Add a new passkey or sign-in method for your replacement device

If your lost device was a University-provided YubiKey, report the loss to your department. YubiKeys are tracked as IT assets and your department will need to request a replacement.

If you do not have a backup sign-in method, see I have no backup method below.

I have no backup method (or my backup method is also unavailable)

During the pilot period: Contact the SSO/MFA Modernization Project team at sso-mfa-project-group@maine.edu for assistance.

After the pilot: Contact the UMS IT Service Desk.

Environment

  • Applies to all University of Maine System (UMS) accounts
  • Microsoft Authenticator app (Android or iOS)
  • Synced passkeys (iCloud Keychain, Google Password Manager, password managers)
  • Device-bound passkeys (YubiKey, Windows Hello for Business, Microsoft Authenticator passkey)

 

Print Article