Viewable by the world

Purpose of Knowledge Article:

Guide to activating emergency bypass MFA if you cannot authenticate with MFA, most commonly due to:

  • Lost your phone
  • Phone got reset
  • Got new phone
  • MFA token no longer works (out-of-sync)

Emergency MFA bypass is to be used infrequently for emergency situations only.

Emergency MFA bypass is NOT to be used on a regular basis to avoid MFA

Resolution:

This will only work if:

  • You already have your Notification Information set up and it is up-to-date (you are asked to do this when first activating your Berkeley Lab Identity account)
  • You have not changed your LDAP password within the past 14 days
  • You have access to the email or mobile number you provided in the Notification Information
  • It is recommended to do this using Google Chrome in Incognito Window. Other browsers/modes may give you glitches and/or false-positive errors. So be sure to use Google Chrome in Incognito mode.


  • Be sure to do step 1 and step 2.
  • If you have successfully activated the bypass in step 1, but you are still getting asked for the One Time Passcode (OTP). Close out of the browser and relaunch into Google Chrome in Incognito mode and try step 2 again.
  1. Go to https://identity.lbl.gov/bypass/ and follow the on-screen instructions to set up an MFA bypass
  2. Set up a new MFA token with Google Authenticator.  See Install Google Authenticator and Setup MFA for instructions.
    If you already have Google Authenticator on your phone, you will just need to Add a new MFA token.


If you get any error messages during the process. Submit a ticket to [email protected] and include the following:

  • A screenshot of the error message you are getting 
  • Your Berkeley Lab username
  • Your Berkeley Lab employee ID number
  • The phone number you can be reached at

IT Support Services will get back to you

Was this site useful for you? Do you have any feedback or suggestions? Please click here to send your comments about this FAQ to IT.