Why am I getting locked out or logged out of eServices?

Published 12/02/2024

Answer
If you are getting locked out or logged out of eServices, there could be various reasons why. The table below explains some of the most common reasons users get locked out or logged out of eServices.

Table 1: Common Reasons for Being Locked Out of eServices.
Action
Lockout/Logout Details

User attempted to log into eServices using an incorrect password or MFA code three times in a row.

The user will be locked out of eServices. This is a CMS security requirement. To unlock the account, please contact your provider administrator for assistance.

User is locked out three times in a row.

The user ID will remain locked until the user calls to verify their identity and have their ID unlocked. Please contact the Provider Contact Center for assistance.

The user has not logged into their account within the past 30 days,

or

No provider administrators on the account have logged into their account within the past 30 days.

If a provider user does not log into eServices at least once every 30 days, their account is disabled. To regain access, the user must have an active provider administrator reinstate their access.

If a user does not log in after being disabled, their user ID will be permanently deactivated after 120 days of inactivity.

If no provider administrators on the account log into eServices within 120 days, the entire account, including all users, are terminated. To regain access to eServices, the provider must re-register.

If a provider administrator has not logged into their account in the past 120 days, but there is another active provider administrator on the account, then only their access is terminated. To regain access the user must have an active provider administrator assign them a new user ID and temporary password.

User enters registration information incorrectly eight times.

If an error is encountered during the registration process (e.g., incorrect payment amount entered) the account will be locked for 60 minutes. This is a CMS security requirement. The provider may attempt to re-register after the 60-minute time period has expired. We are unable to unlock accounts that are in the 60-minute lockout period.

User tries to register eight times before the 60-minute registration lockout has expired,

or

User tries to incorrectly register and goes through the 60-minute registration lockout two times.

The provider’s registration record is locked indefinitely. The user will receive a message that they need to call in and verify their identity. Please contact the Provider Contact Center for assistance.

A registered user who already has a user ID is locked out of their account because of improper log out.

The user must wait for the 30-minute lockout period to expire before attempting to log in again. We are unable to unlock IDs that are in the 30-minute lockout period.

Provider administrator has not completed recertification in the past 360 days.

All users are locked out of their account and must contact one of the active provider administrators on the account to complete recertification and restore access. Provider administrators are directed to the recertification screen and will be locked out of other functions of eServices until recertification is complete.

Provider user or administrator has not completed profile verification in the past 250 days.

The user will be directed to their My Account tab and will be locked out of other functions of eServices until profile verification is complete.

Provider administrator failed to complete recertification within 360 days.

If no provider administrators on the account complete the recertification within 360 days, the entire account, including all users, are terminated. To regain access to eServices, the provider must re-register.
Provider user or administrator has not completed profile verification in the past 260 days.

If a provider user does not complete profile verification at least once every 260 days, their account is terminated. To regain access, the user must have an active provider administrator assign them a new user ID and temporary password.

If no provider administrators on the account complete profile verification at least once in the past 260 days, the entire account, including all users, are terminated. To regain access to eServices, the provider must re-register.

User selects the browser's "back" button.
The user will be logged out of the application and redirected to the eServices login page.
User is inactive in eServices for 30 minutes.

If a user becomes inactive for 30 minutes while logged into eServices, their session will time out.

If they become active again during that time, the session will remain open until activity stops again, in which case the 30-minute inactivity clock starts again.

After 25 minutes of inactivity, the user is prompted with a pop-up reminding them of the timeout limit and gives them five minutes to become active again before they are logged off.

Was this article helpful?