Microsoft Two-Factor Authentication on Linux & Unix
                            2020-09-18

1.  Introduction

The University of Western Australia has recently implemented strict
requirements to use two-factor authentication when accessing any
Microsoft-authenticated services from off campus, such as Webmail,
OneDrive and the Learning Management System. Unfortunately they
have also disabled the use of App Passwords, breaking compatibility
with older email clients, and have also disabled alternative
authentication methods, such as email. This is a problem if your
phone is flat, broken or otherwise unavailable.

There is an easy solution, though, if you're on Unix or Linux, in
the form of Oathtool.

2.  Installing Oathtool

Oathtool  can  be installed via brew on Mac, or apt on Debian-based
systems.

    ___________________________________________________________

    # macOS (Homebrew)
    brew install oath-toolkit
    # Debian-based systems
    apt-get install oathtool
    ___________________________________________________________



3.  Getting your 2FA Key

Go to https://aka.ms/mfasetup, and follow the normal process for
adding an additional authentication method. If this is your first
time setting up 2FA, you will be forced to add an authentication
method. If you already have an authenticator added, head to
[Security Info] -> [Add method], and choose [Authenticator app].
When prompted, hit "I want to use a different authenticator app",
then "Can't scan image?". This will generate a secret key and
display it on the screen:

    ___________________________________________________________

    Scan the QR code
    Use the authenticator app to scan the QR code. This will connect your authenticator app with your account.

    After you scan the QR code, choose "Next".

    Authenticator App Scan Icon
    Can't scan image?
    Enter the following into your app:

    Account name:  The University of Western Australia:12345678@student.uwa.edu.au
    Secret key:  zgcypvf4q5ghh3qf
    ___________________________________________________________


The secret key is the part that's required to generate future One
Time Passwords. This can be done with the following command, where
--totp selects time-based codes and -b tells oathtool that the key
is base32-encoded:

    ___________________________________________________________

    $ oathtool --totp -b zgcypvf4q5ghh3qf
    472894
    ___________________________________________________________


To make this easy, I've added it as an alias to my ~/.bashrc:

    ___________________________________________________________

    alias uwa="oathtool --totp -b zgcypvf4q5ghh3qf"
    ___________________________________________________________


Now, when you need to sign in to UWA services, just type "uwa" at
the command prompt - no phone necessary!