May 8, 2024

Circumvent Purdue Microsoft Authenticator

Per the Purdue IT department:

"The Microsoft Authenticator app can be setup on a smartphone or tablet. If you don't have any smart device to connect it to, please visit https://service.purdue.edu/TDClient/32/Purdue/KB/ArticleDet?ID=524 for information regarding getting a hard token for Microsoft Authentication."

Obviously Purdue wants us to either use some shady Microsoft app or actually pay 20 bucks. So here is a way to not do either.

  1. Go to Microsoft Sign-in management at https://mysignins.microsoft.com/security-info.
  2. Choose Add sign-in method - Authenticator app.
  3. Select I want to use a different authenticator app.
  4. Click Next - Can't scan image? and record down the Secret key (e.g. `qldthfnyvkv6jw7f`).
  5. Find any TOTP generator online (e.g. https://totp.danhersam.com/) and paste in the secret key to get the one-time code.

WARNING: Entering your secret key onto any unvetted third party carries a risk if the third party is recording the secret key. I have not personally checked any TOTP website for its security.

Contact Information

Lawson Computer Science Building
305 N. University Street
West Lafayette, IN 47907-2107
United States of America
Institutional: luo401 [at] purdue [dot] edu
Personal: zhtluo [at] gmail [dot] com

Copyright © 2021-2025 Zhongtang Luo