This article addresses frequently asked questions about passkey support in Microsoft Authenticator. Keep checking back for updated content.
How does Microsoft Authenticator store passkeys on a device?
Authenticator passkeys are backed by hardware.
On iOS, Authenticator stores the private key in the Secure Enclave.
On Android, Authenticator uses the Android Keystore system API to securely store device-bound passkeys. The Android Keystore system supports binding key material to the secure hardware of an Android device, in this order of preference:
On Android, Authenticator only stores a passkey (private key) if the Android device has one of these two secure hardware options. If neither hardware option exists, Authenticator passkey registration fails, even if attestation is disabled.
Can I restore or sync Authenticator passkeys to a new device?
Authenticator passkeys are only device-bound and can't be synced. For more information, see Device-bound passkeys in Microsoft Authenticator.
Do I need to enable Bluetooth to perform cross-device authentication?
To use cross-device authentication with passkeys in Authenticator, you must enable Bluetooth and have internet access on both devices.
Why do cross-device sign-in and registration fail with "Device couldn't connect"?
Make sure both devices have internet access and Bluetooth enabled. For cross-device registration and authentication, users can't use cross-device registration or authentication if you enable attestation.
| Platform | URL |
|---|---|
| Android | cable.ua5v.com |
| iOS | cable.auth.comapp-site-association.cdn-apple.comapp-site-association.networking.apple |
If your organization restricts Bluetooth usage, you can permit Bluetooth pairing exclusively with passkey-enabled FIDO2 authenticators to allow cross-device sign-in and registration of passkeys.
Can I have multiple passkeys in Authenticator?
You can have only one passkey for each account in Authenticator. At this time, Authenticator only supports passkeys for Microsoft Entra ID.
Can I use the Authenticator app camera to scan the WebAuthn QR code for registration and authentication?
You can use the Authenticator camera to register and authenticate with passkeys. This option is useful if your organization doesn't push the system camera app to Android Work Profile.
Can I use passkeys in Authenticator without an internet connection?
You can't use passkeys without an internet connection. For same-device scenarios, the mobile device that contains the passkey needs internet access. For cross-device scenarios, both the device with the passkey and the secondary device where you want to sign in need internet access.
I'm on an Android 14 device, and I followed all the steps. Why can't I register passkeys in the Authenticator app?
The Authenticator app uses Android APIs on Android 14 or higher to use passkeys. Manufacturers choose whether or not to implement these APIs for each device they make. If your device doesn't support these APIs, the Authenticator app might not work for your device on Android 14. For the best experience, we recommend that you upgrade to Android 15.
Why do I get prompted for PIN instead of biometric sign-in on my Android device?
If biometric sign-in fails on an Android device, the Authenticator app will prompt you to enter your PIN instead. The next time you sign in with the passkey, Authenticator continues to request the PIN rather than biometric sign-in. Authenticator periodically retries biometric sign-in. If biometric sign-in succeeds, it will be used for subsequent sign-ins.
What happens to my passkey after I change my PIN or biometric sign-in on my Android device?
Your passkey is invalidated if you change your PIN, or if you change your biometric sign in from thumbprint to face, or vice-versa. If your passkey is invalidated, you need to sign-in by using a different method, and then create a new passkey.
Can I sign in with a passkey in Authenticator in China?
No. Only limited authentication methods are available for Authenticator in China. For more information, see Download Microsoft Authenticator in China.