Overseas Travel Authentication Using Apps (Duo Mobile/MSAuth)

While traveling overseas, you may encounter spotty cellular reception that makes it difficult to use SMS as your main method of authentication when accessing your email and Purdue resources that require Purdue Login 2FA (Duo App).  For this reason, we highly recommend you have enabled an authentication method that utilizes an authentication app you install on your phone to verify your login.  This method also prevents you from worrying about roaming/texting fees with your cellular provider while traveling abroad. 

Below we have included the necessary information to set up both Purdue Login 2FA and Microsoft multi-factor authentication methods using the most popular and seamless applications: 

• Duo Mobile (Purdue Login two-factor authentication)
• Microsoft Authenticator (referred to as MSAuth from here on).  

Purdue Login two-factor authentication using Duo Mobile:

Below you will find the directions to follow to set up your Purdue Login 2FA to be used in conjunction with the Duo Mobile application.  We feel it is also prudent to include a section for enabling self-recovery for your Purdue Login 2FA if this has not been done yet (and recommend everyone regardless of travel do so to prevent lock-outs from occurring and stifling your ability to work and access Purdue resources).

• Purdue Login 2FA self-recovery

Purdue Login 2FA Self-Recovery:

This is an extremely important step to make sure you do before traveling.  It will ensure that if you lose or damage your phone or need to troubleshoot your Purdue Login 2FA, you will have a way of doing so.  If Duo Mobile is unresponsive you can click the link directly below the Purdue Login page and put in your cell phone number to receive a text message with a Purdue Login code which will bypass the push notification. 

To set this up:

1. Sign in to https://www.purdue.edu/apps/account/UpdateCellPhone

2. Click on "Register for Self-Recovery"

3. Enter your cell phone number and click "Text a code" 

4. Your phone number will receive a text with a 6-digit code, enter this now and click "Verify Code"
   
   

The Following sections ('One-Time Use Backup Codes' & 'Settings up Duo Mobile') are no longer applicable. See FAQ and up-to-date Purdue Login 2FA procedures here: https://it.purdue.edu/login/index.php

BoilerKey One-Time Use Backup Codes

We also recommend printing a list of One-Time Use Backup Codes (found at the bottom of the page) by clicking "Obtain List of BoilerKey One-Time Use Backup Codes" that you can use if your phone is not working or Duo is not responding. 

Be very careful with this list, store it in a safe place and remember the following:

• Each backup code is used in place of the word, "push" or the 6-digit code generated by the app or hardware token meaning they will appear as 9-digit codes versus 6. 
• You can only use each code one time.  So cross the code off that you use immediately after.
• Each time you generate a list of codes, the preceding list is destroyed and none of the original codes will work, even if you have not used them yet.
• These backup codes are exactly that, backups and should only be used IF and WHEN necessary

Setting up Duo Mobile two-factor authentication:

If you have not done so already, the first "step" is to make sure you have Duo Mobile installed on your smartphone.  You can find it by searching for it in your Google Play (Android) or App Store (iPhone).  This assumes you have already set up your Purdue Login two-factor authentication with the other form called a "hard-token" or "hardware-token" and are returning to add or change it to using Duo Mobile instead.

1. Sign in to https://www.purdue.edu/apps/account/BoilerKey/

2. Click on "Manage"

3. Click on "Set up a new Duo Mobile BoilerKey"

4. Enter your 4-digit PIN number where prompted

5. Enter a name for your device, such as "iPhoneXR" or "MyCell" (no spaces are allowed)

On your smartphone, open Duo Mobile:

1. Locate "Add Account" or tap the plus (+) symbol in the top-right corner.

2. Tap "Use QR code" at the top of the screen

3. Allow your phone's camera to scan the QR code (it may ask you to allow camera and/or notifications, tap YES)

4. It will automatically scan the code and add the account to your listed accounts in your Duo Mobile application

5. Lastly, make sure you enable notifications in Settings on your phone to allow all notifications from Duo Mobile

6. Test your BoilerKey to make sure it is prompting you from your phone by signing in to any Purdue resource that requires BoilerKey, OR selecting the "Test your BoilerKey" from the main page

Congratulations!  You have successfully linked your Duo Mobile authentication application to your BoilerKey!

Microsoft MFA using MSAuth:

We have included a step-by-step overview of the process below that you can follow, but the link above has pictures to reference and goes into more detail about setting up and changing authentication methods beyond the scope of this article, so we recommend reading that one first.  Please let us know if this gives you any trouble adding the authentication method to your account and drop us a ticket if you are running into problems.

The steps to take are as follows:

1. Visit https://myaccount.microsoft.com/ 

2. Login to your account

3. Click on "Update Info" under "Security Info" 

4. Click on "Add method" 

5. Select "Authenticator app" from the drop-down options then click "Add"

6. You can either use the Microsoft Authenticator app or another authentication app, however, we recommend MSAuth for this

7. Search for "Microsoft Authenticator" on your phone's app store and download

8. Click "Next" on the computer once the app has been installed on your smartphone, you should see a QR code appear on the screen

9. Open the app and tap the option for "Scan QR Code"

10. Tap "Allow" on your smartphone to allow camera usage by the app, then scan the QR code showing on the computer screen and click "Next" once the app has finished scanning the code

11. Click "Next" on the computer

12. Click "Approve" on your phone.  If the request times out, click back and rescan the code from your phone.

13. Click "Next" on the computer, you should get a notification that says "Successful" and the phone should now appear under your sign-in methods

14. Lastly, where the bold text reads "Default sign-in method: " click "Change" and select "Microsoft Authenticator - notification" for the default method.

You should now have successfully changed/added your MSAuth application to the sign-in methods for your account and made it the default.