Unable to Create a Sync-able Passkey for a Personal Microsoft Account

The topic of sync-able passkeys for a personal Microsoft account is not new here. I wanted to report the results of my attempt on this day (4.26.2025) to create a sync-able passkey for my own personal Microsoft account: Microsoft did not allow Bitwarden to store my passkey. Microsoft does allow sync-able passkeys, but they have to be stored in your Microsoft account.

Hey there, can you share more on your setup? I’m able to create a Microsoft passkey and store/retrieve it from my vault.

Thanks for your reply! While waiting for my question to be approved, I continued to try different ways to store a passkey for my Microsoft account in Bitwarden. I did achieve success … sort of.

I was trying to set up a passkey for my Microsoft account using my Windows 11 PC. I only ever access my Microsoft account from my PC. I can’t imagine wanting to sign in to my Microsoft account on my phone, unless there was absolutely no other way.

I went wrong originally because I chose “Use an app” as shown below. Bitwarden is, after all, an app.

I discovered that when Microsoft says ‘use an app’ they mean an authenticator app, not a password manager. I might have known that, since Microsoft wants you to use an app ‘on your phone.’

Next, I tried “Face, fingerprint, PIN or security key” and this time, Bitwarden opened and created a passkey for my Microsoft account, although it did not ask for a ‘face, fingerprint, PIN or security key.’

And it didn’t matter anyway, because the next time I signed in to my Microsoft account, I had to enter my password, just as always. Unfortunately, I can’t show this to you, since “new users can only put one embedded media item in a post.”

So I am no further ahead and still ‘sharing a secret’ to access my Microsoft account.

After you entered your password, did it prompt you for your Passkey as a 2FA method?

There are some websites (I have one that I use) which require me to enter a UN and PW, and then my Passkey can be used as 2FA.

@Constable Welcome to the forum!

Your tag shows “app:desktop”, but…

… that indicates you are using the Bitwarden browser extension for that passkey adventure?! (because the Bitwarden desktop app can’t store and use passkeys at the moment)

Do you use other passkeys successfully with Bitwarden and only Microsoft doesn’t work?

Especially if this is your first passkey with Bitwarden: did you follow these instructions here?

Microsoft is not on your “Excluded domains” list of the Bitwarden browser extension?

Sorry for not replying in a more timely way. I don’t want to experiment too often with signing in to my account, lest I lock myself out if Microsoft suspects I’m an attacker trying to break in to the account.

Yes, I did use the Bitwarden Chrome extension to create my passkey. That choice was actually made for me by Bitwarden, as the extension opened by itself and asked me if I wanted to create a passkey. When I agreed, Bitwarden went ahead and created a passkey, without first asking me to authenticate to my device - my PC - which I was not expecting to happen. Had I been given a choice, I would have chosen a PIN, since I have neither the right kind of camera, nor a fingerprint reader, nor a security key.

The next time I tried to sign in to my Microsoft account, after entering my account username, I was offered the opportunity to ‘use my face, fingerprint, PIN or security key’ presumably to authenticate to my device so that my passkey could be unlocked.

But there was nothing I could do here, since I was never given an opportunity to choose a PIN. So I had to use my account password, just as if I had not chosen a passkey. After that I had to enter a 2FA code from my authenticator app, and then I was in.

So that there is no misunderstanding, I am not faulting Bitwarden for anything. Companies have not standardized on the process flows and interfaces for passkeys, but I have confidence that this will all be worked out in time.

You asked if this was my first time creating a passkey with Bitwarden. It’s actually the second time. My first time was with Amazon, and that went off smoothly. Now, when I go to sign in to Amazon, all I have to do is enter my username, and I’m in.

@Constable Sorry for the delay…

I just re-created my Microsoft passkey…

So, at this point you described here… when you log in that way, Bitwarden should open a passkey popup, asking you to choose the passkey to log in with, like this:

Are you sure you indeed stored the passkey in your Bitwarden login item for your Microsoft account?

So, to be sure - when you registered the passkey, did you do the following (?):

  1. I think, you already did this the right way: Logged in to Microsoft → Security settings → Add “passkey”… and choose Face, Fingerprint, PIN or security key
  2. After that, Bitwarden should open a “Save passkey”-popup, like this:

(I made the screenshot, before I deleted my Microsoft passkey for further testing… but the popup looks similar… you should choose your login item to store the passkey in)

  3. Microsoft asks you to give the passkey a name on their side:

After that, you should see your passkey on Microsoft’s side (and on Bitwarden’s side, like in one of my previous screenshots):

There are some websites (I have one that I use) which require me to enter a UN and PW, and then my Passkey can be used as 2FA.

Okay, but the whole idea of a passkey is that you don’t have to share a password.

Correct, correct … I saw everything that you illustrated in your screenshots. Everything. And yet, I still must enter my password and then authenticate with a 2FA code before I can access my Microsoft account. It’s as if I never set up a passkey at all. (And yes, I do have a passkey stored for my Microsoft account in Bitwarden.)

Compare this to my experience setting up a passkey for Amazon. The Bitwarden Chrome extension opened a window and asked if I wanted to set up a passkey, I said yes, and it happened. Now, when I sign in to Amazon, all I have to do is to enter my username and tada I’m in.

This is why I believe the problem with my Microsoft account has to do with implementation or interfaces on the Microsoft side. There’s nothing wrong with Bitwarden, since it works beautifully for Amazon.

Yeah, but ultimately, it is up to the websites how they implement passkeys. :man_shrugging:

Amazon is a good example, BTW, because requesting TOTP after you used your passkey, is also an outlier. (on most sites, a passkey is seen as “having/being also MFA” so that you don’t have to use any other 2FA/MFA besides the passkey)

Okay, but that is confusing - if it is all the same as what you did, and you must enter your password for login and I don’t have to do that, then something must still be different, I think. – If you do have an MS-passkey stored in Bitwarden, then you should be able to log in to Microsoft without a password and separate 2FA, just like I can…

From a previous post of yours:

If you indeed used Bitwarden here to store the Microsoft passkey, then you can’t enter a PIN. – What they (MS) mean here with biometrics and PIN is User Verification (UV), which is a part of passkeys. If you stored your MS-passkey in e.g. Windows Hello, then you would need to “perform” biometrics (fingerprint or face recognition) or type your Windows Hello PIN, if set up.

With Bitwarden, you can use passkeys - at the moment - without any UV.
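Added example, not part of the thread and not Bitwarden's or Microsoft's code: the User Verification (UV) result discussed above, and whether a passkey is sync-able, reach the website as bits in the flags byte of the WebAuthn authenticatorData. The sketch below decodes those bits; the `classifyAssertion` policy, the `requireUv` option and the sample bytes are assumptions constructed for illustration.

```javascript
// Added example: read the flags byte of WebAuthn authenticatorData.
// Layout: rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes, big-endian) | ...
// UP = user present, UV = user verified, BE = backup eligible (sync-able),
// BS = currently backed up, AT/ED = attested credential data / extensions present.
const FLAGS = { UP: 0x01, UV: 0x04, BE: 0x08, BS: 0x10, AT: 0x40, ED: 0x80 };

function parseAuthenticatorData(bytes) {
  if (!(bytes instanceof Uint8Array) || bytes.length < 37) {
    throw new Error("authenticatorData must be at least 37 bytes");
  }
  const bits = bytes[32];
  const flags = {};
  for (const [name, mask] of Object.entries(FLAGS)) {
    flags[name] = (bits & mask) !== 0;
  }
  // WebAuthn does not allow "backed up" on a credential that is not backup eligible.
  if (flags.BS && !flags.BE) {
    throw new Error("invalid flags: BS set without BE");
  }
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  return { flags, signCount: view.getUint32(33, false) };
}

// Hypothetical relying-party policy (an assumption, not any real site's logic).
// A real server also verifies rpIdHash, the challenge and the signature first.
function classifyAssertion(bytes, { requireUv }) {
  const { flags } = parseAuthenticatorData(bytes);
  if (!flags.UP) return { decision: "reject", reason: "user presence flag not set" };
  const kind = flags.BE ? "sync-able" : "device-bound";
  if (requireUv && !flags.UV) {
    // Without UV the passkey proves possession only, so ask for another factor.
    return { decision: "step-up", reason: `${kind} passkey, no user verification` };
  }
  return { decision: "accept", reason: `${kind} passkey, UV=${flags.UV}` };
}

// Constructed sample input: placeholder rpIdHash (0xaa bytes), chosen flags, counter.
function sampleAuthData(flagBits, signCount) {
  const bytes = new Uint8Array(37).fill(0xaa, 0, 32);
  bytes[32] = flagBits;
  new DataView(bytes.buffer).setUint32(33, signCount, false);
  return bytes;
}

const noUv = sampleAuthData(FLAGS.UP | FLAGS.BE | FLAGS.BS, 0); // synced, presence only
const withUv = sampleAuthData(FLAGS.UP | FLAGS.UV, 7);          // device-bound, verified
console.log(classifyAssertion(noUv, { requireUv: true }));
console.log(classifyAssertion(withUv, { requireUv: true }));
```

A site that sets `requireUv` in this sketch would send the first sample to a second factor and accept the second one outright, which is one way the same passkey can behave differently from site to site.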