May 8, 2024

Circumvent Purdue Microsoft Authenticator

Per the Purdue IT department:

"The Microsoft Authenticator app can be setup on a smartphone or tablet. If you don't have any smart device to connect it to, please visit https://service.purdue.edu/TDClient/32/Purdue/KB/ArticleDet?ID=524 for information regarding getting a hard token for Microsoft Authentication."

Obviously Purdue wants us to either use some shady Microsoft app or actually pay 20 bucks. So here is a way to not do either.

1. Go to Microsoft Sign-in management at https://mysignins.microsoft.com/security-info.
2. Choose Add sign-in method - Authenticator app.
3. Select I want to use a different authenticator app.
4. Click Next - Can't scan image? and record down the Secret key (e.g. `qldthfnyvkv6jw7f`).
5. Find any TOTP generator online (e.g. https://totp.danhersam.com/) and paste in the secret key to get the one-time code.

WARNING: Entering your secret key onto any unvetted third party carries a risk if the third party is recording the secret key. I have not personally checked any TOTP website for its security.