I am just experimenting with Passwordless Account in MS Live.
I am having a little bit of an issue and was wondering if somebody can help me please.
So, I created a passkey that is stored in BW. If I attempt to login to my live account, it asks me to verify my account. TOTP stored in BW. This is working as expected.
Now, if I try to setup Passwordless Account, it wants to create a new TOTP, an eight digit one. This is a little bit of an issue as BW creates a six digit one.
Until someone else with an MS passwordless account comes along and gives you a better answer, I’d suggest looking into using the Microsoft Authenticator app on your phone (for Microsoft accounts only). It provides a passwordless login experience where passkeys aren’t an option. The app also generates an 8-digit code, but I’m not sure if that’s related to the 8-digit code you mentioned.
I’ve had some bad experiences with Microsoft sending OTP codes for authentication that didn’t work. I also had an issue with a passkey stored on a FIDO2 key that failed and had to be set up again. I’m more wary about Microsoft’s account recovery process (like losing all your passkeys and your phone with the MS Authenticator) than I am about getting phished.