Authentication Errors

Verify the correct credentials on a known-working surface

Before changing any settings, log into your company web portal or webmail using a browser (not the app). If that also fails, your account itself is the problem — your password may have expired, your account may be locked, or an IT policy may have changed. Contact your IT team or use your company's self-service password reset tool.

Sync your system clock — clock skew causes auth failures

Authentication systems like Kerberos and TOTP-based MFA require your system time to be accurate to within 5 minutes of the server. Even 6 minutes of drift causes valid credentials to be rejected. On Windows, open an elevated Command Prompt and run:

On Mac: System Settings → General → Date & Time → enable "Set automatically."

Re-register your MFA authenticator app

If MFA codes are being rejected despite appearing valid, the authenticator app's internal clock may have drifted. In Google Authenticator: Settings → Time Correction for Codes → Sync Now. In Microsoft Authenticator: the app syncs automatically, but reinstalling it and re-adding the account is the most reliable fix.

Clear saved (cached) credentials from Windows Credential Manager

Old or stale cached credentials override what you type at login prompts. Open Control Panel → Credential Manager → Windows Credentials and remove any entries related to the system you're trying to access (look for the server name or app name in the list). Retry authentication after clearing them.

Check for certificate or TLS issues

Some auth failures are actually TLS handshake failures misreported as credential errors. Look for warnings about expired certificates or untrusted certificate authorities in the app's error details. If you see one, your company's SSL inspection proxy may have an expired root certificate — your IT team needs to update it.