[MFA Modernization Pilot] What to Do If You Lose Your Phone or Security Key (MFA)

⚠️ WARNING: This article is intended for participants in the MFA Modernization Pilot only. If you are not a pilot participant, the information in this article may not apply to you. Contact the IT Service Desk if you have questions about your current sign-in experience.

If you lose the device you use for multi-factor authentication (MFA), you may be unable to sign in to your UMS account. Follow the steps below based on which sign-in method you were using.

INFO: UMS IT highly recommends adding a backup sign-in method so you can still access your account if your primary device is unavailable. You can manage your sign-in methods at aka.ms/mysecurityinfo.

Instructions

I lost my phone (Microsoft Authenticator app)

If you have a backup sign-in method, follow the steps below.

  1. Go to aka.ms/mysecurityinfo
  2. Sign in with your username and password
  3. When prompted for MFA, select "Sign in another way"
  4. Select your backup method and complete authentication
  5. Remove your old Microsoft Authenticator from your account
  6. Click "Sign out everywhere" (listed below your sign-in methods) to sign the lost device out of your account
  7. Re-add the Authenticator app as a sign-in method

If you do not have a backup sign-in method, see I have no backup method below.


I lost access to a synced passkey

Synced passkeys are tied to an account, not a single device. If you sign back in to the service that stores your passkey, your passkey will be available again on your new device, no re-enrollment needed.


I lost a device-bound passkey

Device-bound passkeys are stored on a specific device and cannot be recovered if that device is lost. If you have a backup sign-in method, follow the steps below.

  1. Go to aka.ms/mysecurityinfo
  2. Sign in with your username and password
  3. When prompted for MFA, select "Sign in another way"
  4. Select your backup method and complete authentication
  5. Remove your old passkey from your account
    • Make sure you are removing the correct device-bound passkey and not a synced passkey
  6. Click "Sign out everywhere" (listed below your sign-in methods) to sign the lost device out of your account
  7. Add a new passkey or sign-in method for your replacement device

If your lost device was a University-provided YubiKey, report the loss to your department. YubiKeys are tracked as IT assets and your department will need to request a replacement.

If you do not have a backup sign-in method, see I have no backup method below.


I have no backup method (or my backup method is also unavailable)

During the pilot period: Contact the SSO/MFA Modernization Project team at sso-mfa-project-group@maine.edu for assistance.

After the pilot: Contact the UMS IT Service Desk.

If you were provided with a Temporary Access Pass (TAP) after contacting UMS IT, please follow these instructions: How to Sign In with a Temporary Access Pass (TAP).

Environment

  • Applies to all University of Maine System (UMS) accounts
  • Microsoft Authenticator app (Android or iOS)
  • Synced passkeys (iCloud Keychain, Google Password Manager, password managers)
  • Device-bound passkeys (YubiKey, Windows Hello for Business, Microsoft Authenticator passkey)