MFA Deny means that a system rejected the user’s attempt to access an account, website, or application protected with Multi-Factor Authentication (MFA).
The log-in attempt could have been denied for various reasons.
When a user’s sign-in attempt gets rejected, the server or security system usually prints appropriate information on the screen. The exact wording of the message depends on the implementation. Some of the popular MFA Deny messages are:
- MFA Denied
- Access Blocked
- Error Code MFA
- Access Denied
- MFA Request Denied
- Access Rejected
- MFA Has Been Denied
- MFA Blocked
These are the most common errors printed when Multi-Factor Authentication did not finish successfully. If you received any of these messages or a similar one, your issue probably has to do with Multi-Factor Authentication, Two-Factor Authentication, or lack thereof.
MFA Deny: Why You Are Getting Denied
Here are the most common reasons you are denied access when MFAing to your account.
1. Fraudulent Account Activity
If a website determines that your log-in credentials have been compromised, your account has been tampered with, or any other type of nefarious activity happened, it may automatically block any online and mobile access to your account to reduce the likelihood of further attempts at unauthorized access. Some bank sites are known to use this strategy to stop malicious actors from continuously trying to brute-force your account or to limit the extent of harm they do after they gain access. Usually, banks send you a notification with a prompt or an email message with a link to reset your password to regain control over your account. If this did not happen, you should at the very least get information on who to contact to recover your account.
2. Your Account Has Been Blocked
Your account might have been blocked for one of many reasons. Fraudulent account activity is only one situation that may lead to a service preemptively blocking your account. Other possible reasons for account blockage include:
- You repeatedly entered an incorrect password.
- Your account exceeded the number of allowed invalid MFA attempts.
- Your account has been temporarily or permanently frozen due to suspect illegal activity.
- The administrator of your organization blocked your account manually.
- A security policy assigned to the application restricts your access.
Ways of unblocking the account depend on the reason why you were blocked. Start by contacting support.
3. MFA Attempt Denied By User
Sometimes a user themselves denies a log-in attempt. This can be both intended and not intended. For instance, if you authenticate by accepting push notifications sent to your phone, you usually tap “Accept” or “Approve” to get logged in. If you accidentally tap “Deny”, you will be denied access, and an appropriate MFA Deny message will likely appear on your computer screen. On the contrary, if you have not initiated any log-in attempts and yet received an authentication request, immediately deny the log-in request. Then, contact the administrator in your organization or call a bank helpline to report a potential cyber incident. You might have become the victim of a cyberattack, and your account might still be in danger.
4. MFA Attempt Denied by Admin
An administrator might have defined a security policy that denies log-in attempts from users within a given IP range, during a particular time of day, or with specific roles. If you fall into any of these categories, your authentication attempt will be denied, and you will likely see an MFA Deny information on your screen.
5. MFA Not Configured
Some systems may deny your log-in attempt if you have not enrolled your account in MFA. If MFA is mandatory on a system, you must enable it to access your account. Also, if Multi-Factor Authentication has been misconfigured for your account, application, or organization, you may get a similar message even if you have enrolled your account correctly. Sometimes you cannot enable MFA yourself and must ask an administrator or support team for help.
6. Technical Issues
Sometimes an MFA system is blocked by a firewall or another application. If you are an employee in a company and cannot access your account, contact your administrator and describe your issue. If you are an individual user who tries to access a bank account or another website, it is best to contact the site owner or a dedicated support team.
7. Service Temporarily Unavailable
Hacks, malicious activities, rejected log-in attempts and blocked accounts are often the cause of users receiving an “MFA denied” message. Despite that, the system you are trying to access might be down or temporarily unreachable due to maintenance or unexpected errors. Sometimes people experience temporary issues that get resolved on their own after a short time. Usually, employees and users are informed about planned maintenance. But this does not always happen. Notably, most modern MFA authentication systems allow deciding what will happen if the MFA service is temporarily unavailable. For example, Rublon administrators can set what happens when Rublon servers become unavailable. But the fail mode feature might differ from one MFA provider to another.
How to Fix MFA Denied?
If MFA denied your sign-in attempt and you cannot access your account, we recommend you contact the support team of the website you are trying to access. For example, email your bank’s customer service or call your bank’s helpline. In contrast, if the MFA Deny error appears when you log in to an application or a VPN, contact your administrator or your MFA security provider and ask for assistance.
Using Rublon and have questions or concerns about MFA? Contact Rublon Support.
