This topic provides answers to some frequently asked questions about multi-factor authentication (MFA).

After I enter the verification code on the MFA binding page, a message indicating that the verification code is invalid appears. What do I do?

  • MFA is a time-based authentication method. Make sure that your mobile phone has no time deviations.
  • Each verification code that is generated by your MFA device is updated every 30 seconds. Make sure that you enter the most recent and unused verification code.
  • The quick response (QR) code (key) that is displayed on the MFA binding page expired because the page expired. Refresh the page and use your MFA device to scan the new QR code.
  • If you open the MFA binding page multiple times and use your MFA device to scan the QR code each time you open the MFA binding page, the MFA device displays different verification codes for your account at the same time. In this case, you may enter invalid verification codes, which causes verification failures. We recommend that you check whether your account is already displayed on the MFA device. If your account is displayed, remove the account and scan the QR code again. This ensures that you enter a valid verification code.
  • Bind an MFA device again.
  • After you use the preceding methods to troubleshoot the issue but the issue persists, submit a ticket. You must also provide the screenshot of the page that indicates MFA binding failures, the screenshot of your mobile phone that displays the point in time when the binding starts, the account to which you want to bind the MFA device, and the points in time at which operations are performed during the binding.

What do I do if an authentication failure is prompted when I attempt to perform MFA-based logon?

  • MFA is a time-based authentication method. Make sure that your mobile phone has no time deviations.
  • Make sure that the verification codes you entered are generated for the current account. The verification codes must be most recently generated and unused.
  • If the current MFA device is unbound from the current account, and another MFA device is bound to the current account, obtain the verification codes from the newly bound MFA device.
  • Bind an MFA device again.
  • After you use the preceding methods to troubleshoot the issue but the issue persists, submit a ticket. You must also provide the screenshot of your mobile phone that displays the point in time when the authentication starts, the account that is required for MFA-based logon, and the points in time at which operations are performed during the authentication.

What do I do if the MFA device is deleted by mistake or my mobile phone is lost?

  • If the MFA device is bound to an Alibaba Cloud account, submit a request based on the on-screen instructions on the verification page.
  • If the MFA device is bound to a RAM user, contact the Alibaba Cloud account to which the RAM user belongs or a RAM user that has the administrative rights to disable MFA for the RAM user. For more information, see Unbind an MFA device from a RAM user.