Windows Security has hijacked my attempt to apply a Passcode

Question

Windows Security has hijacked my attempt to apply a Passcode

Dean Porter 40

I was trying to work out how to apply a Passcode to login to to an online account on a Windows 11 notebook with Firefox. The passcode had already been created / registered with Bitwarden authenticator/password manager and shows in the drop down box with a date for the creation.

I could not work out how to apply the passcode so I took a long time messing around. Suddenly Windows Security brings up a window asking for a PASSKEY but saying "Use a phone or tablet" and saying bluetooth is turned off and wants me to turn it on. I do not use my phone for any type of online account activity at all and I hope to never do so. They are too big a risk as they can be easily stolen. My notebook is vastly more secure. Now all I get is this window. If I cancel it I get an error message. When the window is displayed Firefox is frozen. I cannot do anything at all except cancel this window.

I have a Passcode set for Windows Hello but there are no passcodes set for this account. I have checked.

I have a Yubikey fingerprint key but I removed this and it changed nothing. A passkey should require a key of some sort. I don't have any others.

How do I stop this happening? Why is it suddenly asking for mobile connection? I will never put any Microsoft product on my phone (Android). Google is bad enough.

Dean Porter 40 Reputation points

2026-01-28T10:06:07.3+00:00

I am confused as to how the terms "Passcode" and "Passkey" are used. Passkey to me is stored on and provided by a security USB key or similar while a Passcode is provided by an Authenticator program. I am still learning this stuff.

Answer accepted by question author

0 additional answers

Your answer

Dean Porter 40 Reputation points

2026-01-28T10:06:07.3+00:00

I am confused as to how the terms "Passcode" and "Passkey" are used. Passkey to me is stored on and provided by a security USB key or similar while a Passcode is provided by an Authenticator program. I am still learning this stuff.

Answer 1

Huy-K 9,350 Microsoft External Staff Moderator

Dear @Dean Porter,

Thank you for posting your question in the Microsoft Q&A forum.

We apologize for any inconvenience you may encounter when using our services/ products. Based on your description:

Passcode vs Passkey

Passcode / OTP (what Bitwarden Authenticator shows): typically a 6‑digit time‑based code you type into the website after username/password.
Passkey (what Windows Security is asking for): a passwordless credential stored on your PC, a security key (YubiKey), a third‑party passkey manager, or a phone/tablet. Windows then uses Windows Hello (PIN/biometric) to unlock it.

In the meantime, kindly try these following steps:

Use the “password and OTP code” path (Bitwarden passcode)

On the sign‑in page, look for “Try another way” / “Use password instead” / “Use verification code” and choose the method that lets you enter your 6‑digit code (OTP) instead of passkey.

If you intended to use your YubiKey

When Windows Security shows the passkey dialog, choose Security key (or “Choose a different passkey” > Security key) so you can authenticate with the YubiKey instead of phone. Microsoft explicitly lists Security key as a supported passkey location.

Turn off the passkey services you do not want

Open Settings > Accounts > Passkeys > Advanced options.
Toggle off any providers/services you do not want to appear (for example, the phone/tablet option or specific passkey managers), and keep only what you want (e.g., This Windows device and/or Security key)

Disable passkey/WebAuthn prompts (strong “stop it” switch)

In Firefox, open about:config
Search for security.webauth.webauthn
Set the relevant WebAuthn preferences to false.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Dean Porter 40 Reputation points

2026-01-29T04:20:49.2666667+00:00

Thank you for your answer. I have just spent over 5 hours on chat with MS support without any success.

I should explain that I am now familiar with the terms. It was mostly the complexity of the overall problem that caused my difficulty.

Things I would like to point out. I was just trying to set the passkey for the account in question instead of having to find my phone and turn it on for a passcode. This should indicate how much I use my phone.

I had the passkey set in bitwarden. It was visible there. While I was trying to work out how to get bitwarden to apply the key windows security came up with the stuff about a mobile device. That was totally wrong in any way at all. I do not use my phone for anything security related. All security activity is done on my computer. I have never used my phone for any form of security at all. Bluetooth was turned off on this phone when I bought it quite a few years ago and has never been turned on since. I don't use it. WiFi is usually also turned off except for updating. My computer and phone is locked down as much as is possible. I cannot even take photos on my phone.

There are only 2 logins in windows security and one of these is microsoft. Not the problem account. Checked first up.

When this issue happened I had no usable options available. a window with a button to sign in with a passkey which takes me to Sign in with a passkey using bluetooth which would not work as I had never set such a passkey. I am very anal about not using my phone for secure purposes believe me. Click on cancel and it goes back to the previous window. No other clickable options. No other options at all. These 2 windows just went around and around ad infinitum. Nowhere to go but shut it down.

Can you explain to me exactly what setting "security.webauth.webauthn" to false will do?

I have passkeys set on other accounts that work without issue.

Thanks again
Huy-K 9,350 Reputation points Microsoft External Staff Moderator

2026-01-29T05:40:18.1433333+00:00
Dear @Dean Porter,

Based on your question:

What does security.webauth.webauthn = false do?Setting security.webauth.webauthn to false disables WebAuthn in Firefox, meaning Firefox will stop using the Web Authentication API (WebAuthn) that websites use for passkeys / FIDO2 security keys / Windows Hello authentication flows.

In practical terms:

Websites can no longer trigger passkey prompts (including the Windows Security passkey dialog) through Firefox.

If a site supports passwords/OTP as an alternative, it will typically fall back to “password” / “verification code” instead of passkey. This is exactly why Mozilla forum helpers often suggest toggling it off as a workaround when sites “force” passkeys.

If a site is designed in a way that assumes WebAuthn is available once any passkey/security-key method exists on the account, disabling WebAuthn can sometimes cause the sign-in UX to hang or fail to show alternate methods (this behavior has been observed in real-world bug reports when WebAuthn is disabled).

So, it is essentially a browser-level “turn off passkey/WebAuthn support” switch.
Dean Porter 40 Reputation points

2026-01-29T06:47:38.78+00:00

Thanks for that concise answer. I am hoping the problem will fix itself. It is only the one account that has caused the problem and I have managed to remove the Passkey option.

I will wait and see what happens. Consider the problem solved and I will start a new query if I keep having trouble.
Huy-K 9,350 Reputation points Microsoft External Staff Moderator

2026-01-29T23:53:24.4766667+00:00

Dear @Dean Porter,

It is our privilege to assist you with this issue; we are happy that your issue is helped.

Share via

Windows Security has hijacked my attempt to apply a Passcode

0 additional answers

Your answer