Is your security key listed under Security > Manage how I sign in > Ways to prove who you are in your Microsoft account?
Is two-step verification enabled?
Passkeys are first not used, then missing under Security
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 40%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMK%3C/text%3E%3C/svg%3E)
mark k
0
Reputation points
Over the months of logging in/out of Microsoft accounts where the Passkey options would come up first. I would then select to use Password instead to login to the accounts, I decided to buy a Yubikey. I did not want to create passkeys in Windows 11 using Windows Hello security. I did not want to use Passkeys tied to one device and no back up option. After getting the Yubikey, I set up all my Microsoft accounts to log in using Passkeys. This has been working good over the months, until recently.
The past several Windows Updates that installed in Windows seems to have changed something, or Microsoft change the handling of creating and using Passkeys.
When I try to log in to various Microsoft accounts, I had to select the Security device option to log in using the Passkey. Prior to this, I would just click Security key, enter PIN, and touch Yubikey to authenticate in the accounts. Some of the accounts stopped prompting for the passkey or experienced an error when trying to log in with the passkey. When I logged in to these Microsoft accounts using the Password, I would go in to the Security settings and some would stills how the passkey there, or the passkey no longer existed. Either way, I would have to re-create these passkeys.
Did Microsoft recently change anything that would cause these passkeys to suddenly fail or get remove from these Microsoft accounts? I find this rather strange because Microsoft is pushing users to use passkeys.
My other non-Microsoft passkeys are still working and no problems, just the Microsoft passkeys are the problem. Just wondering if any TPM 2.0 updates ocurred to cause these problems.
Windows for home | Windows 11 | Security and privacy
3 answers
Sort by: Most helpful
-
Craig Long 15,880 Reputation points Volunteer Moderator2025-10-23T19:35:21.3633333+00:00 -
mark k 0 Reputation points
2025-10-23T19:46:19.47+00:00 The answer to both of your questions is, Yes. My other Microsoft accounts are set up the same way and just the Passkeys keep removing. I am baffled by this problem.
Note: screen shot information removed as someone uncovered my phone number and email address from screen shot. Rather than painting over the information, I removed it from the image.
-
Craig Long 15,880 Reputation points Volunteer Moderator
2025-10-23T20:08:31.6466667+00:00 I don't know why they are being removed.
I got this AI-generated response:
Passkeys may appear to be removed from your Microsoft account due to several reasons, including a user-initiated deletion in the Microsoft Authenticator app, a security policy change, or a system-level issue like a change in your User Principal Name (UPN).
So perhaps it's due to a security policy change?
Does it keep on happening?
-
mark k 0 Reputation points
2025-10-23T20:18:20.1366667+00:00 I don't use the Microsoft Authenticator app for passkeys, but these Microsoft accounts do authenticate at times through the Microsoft Authenticator app where I enter the number shown. I don't use any policies (Windows 11 Pro). No account changes of name or anything. I only use local accounts.
I have been searching for a possible way that these passkeys are removing from the Microsoft accounts. I only know when the passkey gets removed when I cannot login to the account using the passkey. I then login using the password, and re-create the passkey(s).
Over this month so far it has happened about eight (8) times on 3 Microsoft accounts.
Something changed when the last several Windows Updates installed in Windows 11 Pro.
I am about ready to give up and just use passwords/MFA again. I had no problems using that authentication method.
Sign in to comment -
-
Craig Long 15,880 Reputation points Volunteer Moderator
2025-10-23T20:21:38.1733333+00:00 Maybe a policy change?:
Quote:
Microsoft has announced that on September 30, 2025 they will deprecate the legacy multifactor authentication (MFA) and self‑service password reset (SSPR) policies in Microsoft Entra ID. After this date, all authentication method management will move to the unified Authentication Methods policy.
-
mark k 0 Reputation points
2025-10-23T20:29:24.8366667+00:00 The Microsoft accounts all have MFA enabled, just not sure if what Microsoft did affected those accounts.
I think I may have found a relationship of this problem:
Google search:
Changing a user's User Principal Name (UPN) affects their login and primary email address, and can also break saved links, require re-authentication, and impact integrations like OneDrive sharing and some enterprise apps. While the login itself will continue to work, users may need to sign out and sign back in to see the new UPN in applications like Office clients.
But:
No, a User Principal Name (UPN) does not have SIDs, but every security principal, including a user with a UPN, is assigned a unique Security Identifier (SID). The SID is the fundamental identifier for Windows security, used to track permissions even if the UPN is changed. The UPN is a human-readable name, while the SID is an immutable, unique numerical value used by the system to manage access.
This may relate to this recent update problem:
I do make full images of my system and recently restored the images back to verify that the images are reliable and good to restore. I wonder if this is breaking the internal SID (or something related to the SID) that is causing the passkeys to automatically delete. Just a guess as I do not know all the technical details.
-
mark k 0 Reputation points
2025-10-23T20:34:13.5666667+00:00 FYI - these passkey problems started on/before/after October 1, 2025. Did not have all these problem prior.
-
Craig Long 15,880 Reputation points Volunteer Moderator
2025-10-23T20:57:40.63+00:00 Yeah, restoring from a backup may require re-verification.
Authentication policies did change on Sept. 30 of this year.
-
mark k 0 Reputation points
2025-10-23T21:02:51.83+00:00 That depends on Microsoft from releasing bad updates. LOL.
Since I went through re-created all my passkeys for the Microsoft accounts, it may be a while before one of them loses a passkey. I hope none of them do.
I am just trying to find a pattern of the problem so I can prevent it, but it seems nearly impossible to find.
I may go through all the Microsoft accounts to remove all security except for the password, and set up all security options back. I wondering if Microsoft's change on September 30, 2025 caused this problem. Just a guess.
Thank you for your help on this strange passkey problem.
-
Craig Long 15,880 Reputation points Volunteer Moderator
2025-10-23T21:06:43.0333333+00:00 You're welcome. I think the security issues will get resolved.
Sign in to comment -
-
mark k 0 Reputation points
2025-10-23T23:59:00.5966667+00:00 Update:
I had to delete the passkey in a Microsoft account because it would not allow the account to authenticate correctly. I logged in using the password method (password method seems so much more reliable).
I added the Use an app method back where I set up Microsoft Authenticator app:
Once I authenticated through Microsoft Authenticator app, I wanted to set up my passkey again:
I still have two-step authentication enabled:
I selected the security key option again to set up the passkey:
I went through the steps to create a new passkey again:
I logged out of the Microsoft account. Cleared Microsoft Edge cache, etc. to make sure the account is not authenticated.
When I logged in to the Microsoft account, this time, it worked exactly as it should. I entered the Microsoft account email address, then prompted to select the authentication method, I selected Security Key, and it prompted for the PIN of the security key, touched the Yubikey, and the account authenticated successsfully without any errors.
To correct this problem on my other Microsoft accounts:
- Remove any authenticator apps.
- Remove any existing passkeys created prior to October 1, 2025. (Not sure if that is valid, but based on what I am seeing, prior passkeys do not always authenticate correctly).
- Just make sure you have Password, Text a Code, and/or Email a code set up in Security.
Log out of the account, clear all browsers cache, and log in to the account to set up the authentication in Microsoft Authenticator. After this is successfully set up for you, create your new passkey. I have my passkeys on a Yubikey and it works like it should now.
Based on my experiences so far, Microsoft broke something and after re-setting up all the security methods again, the Microsoft accounts authenticate correctly now.
-
Craig Long 15,880 Reputation points Volunteer Moderator
2025-10-24T00:12:50.0366667+00:00 That's great. I don't think you will have any more problems unless Microsoft makes another change.
Sign in to comment