Secure Purdue Information Technology

Multifactor Authentication

What is Multifactor Authentication?

Multifactor authentication (MFA), sometimes called two-factor authentication (2FA), adds an extra layer of security beyond your password. MFA helps protect your account by requiring a second form of verification, making it much harder for unauthorized users to gain access. 

At Purdue, MFA through Microsoft Entra ID is used to protect access to university systems and data. MFA is required for access to Purdue IT resources where technically possible, and is mandatory for certain types of access, such as privileged or administrative accounts.   

MFA is strongly recommended for any account that contains sensitive information, including personal, financial, or academic data.

Microsoft Authenticator App (Recommended)

The Microsoft Authenticator app is the recommended method for MFA.  Directions for enrolling can be found below: 

Enroll in MFA methods (New Users)

Add the Authenticator as an additional method (Already Enrolled) 

Enrollment Tips 

  • Download the FREE Microsoft Authenticator app. There will be no cost associated with the application.  
  • When setting up the app, be sure to add and use your school or work account (your university account), not a personal Microsoft account. 

Using the Authenticator app 

To sign in using the Authenticator app: 

  1. Sign in to an application using your career account username@purdue.edu and password. 
  1. A notification will be sent to your mobile device. 
  1. Open the Microsoft Authenticator app using your school/work account and:  
  1. Approve the sign-in request, or 
  1. Enter the number displayed on your screen (if prompted) 

If you do not receive a notification, open the app manually to approve the request. 

Note: For the VPN, you will sign in with your username and password. 

Sign-in Tips 

  • Keep your phone nearby when signing in 
  • Approve requests promptly, as they expire after a short time 

Security Keys

If you do not own a smartphone, or plan to be in a part of the world where you will not have Internet access and are therefore unable to use Microsoft Authenticator, a physical token may be utilized.   Microsoft Entra ID supports physical security keys for MFA. 

If you require a physical security key, Purdue IT recommends the YubiKey 5 Series Models for compatibility and support. 

USB-C YubiKey 5C NFC Two-Factor Security Key | Yubico 

The YubiKey 5 Series Models meet all Entra ID requirements and are the preferred models for Purduemanaged deployments, documentation, and support workflows. 

For details on purchase and enrollment, visit the article: How do I obtain a physical token fob for MFA? 

MFA Security Best Practices

  • Never approve an MFA request you did not initiate 
  • Report unexpected or repeated MFA prompts to it@purdue.edu immediately 
  • Do not share your device, authentication app, or security key 
  • Keep your devices updated and protected 
  • Enroll a minimum of two methods – the Authenticator and a backup method – to ensure that you can sign-in even if your primary method is unavailable 

Need Help?

If you need assistance setting up MFA or using Microsoft Authenticator or a security key, please contact the IT Service Desk.  Visit https://it.purdue.edu/help/index.php for more information. 

Contact Us