Solved Passkey (PK) questions


wiganken

Well-known member
Power User
VIP
Local time
1:55 AM
Posts
825
Location
UK
OS
Windows 11 Pro
Windows 11 23H2 build 22631.3880

This thread may turn out to be very long if others are having the same trouble as I am having.

I successfully set up a PK for Amazon.co.uk (photo1) on my Android phone and used it for Amazon on my Windows desktop PC (using Firefox v128.0) but I then wondered what would happen if I signed-out of Amazon on my PC and then sign back in again? I decided to try it out.

In Firefox I signed out okay but could not sign back in again using the PK. I tried twice. Both times I was asked to scan a QR code using my phone and both failed.

‘Windows security’ shows at the top of the ‘Something went wrong’ popup (photo 2).

Does this mean it is a Windows 11 issue and not an Amazon issue?

Luckily Amazon still allowed me to sign-in using my email address and password followed by SMS OTP to my registered mobile phone.

So, now I am signed back in and I see the PK in my account but is it being used I wonder? Since I signed in using emailaddress/PW and SMS OTP is the PK just sitting there dormant? Should I delete it?

I know that PKs are a relatively new technology so maybe it is a bug? Maybe it is best to defer using PKs for another 6-months hoping the bugs will get ironed-out.

Is anyone else having trouble with using passkeys? With Windows, Firefox, Amazon or any other website.

If so then are you using Windows 11 as well?

Incidentally, there are no Amazon dedicated forums where users can post questions or get help hence why I am posting here.

Amazon PK succesfuly set up.pngAmazon PK Sign-In4.png
 
Last edited:

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP EliteDesk 705 G5
    CPU
    AMD Ryzen 5 Pro 3400GE
    Memory
    8GB DDR4 SDRAM
    Graphics Card(s)
    Integrated AMD Radeon Vega 11
    Hard Drives
    256 GB PCIe NVMe M.2 SSD
  • Operating System
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    DELL Inspiron 15-3576
    CPU
    Intel Core i5-8250U
    Memory
    8 GB DDR4 - 2400 SODIMM
    Graphics card(s)
    Intel UHD Graphics 620
    Hard Drives
    256GB SK Hynix SC311 SATA SSD
Passkeys have been around for awhile, we're just starting to see wider adoption and support of passkeys in the last few years. They basically consist of a challenge response authorization that produces a cryptographically strong key pair. The public key is transferred to the service (web app) provider (in your case Amazon) and the private key is stored securely on your device usually behind a physical key (like a Yubi), a pin or biometrics. Most services will allow any authentication methods you have configured which is why user/pass works and will continue to work. Your error looks Windows related, but obviously hard to say why the error is generated. How are you authorizing the passkey? Does it prompt for a pin, finger print or key etc?
 

My Computer

System One

  • OS
    Windows 11
I've never actually looked at the logs prior to now :)
You will need to look at logs relating to the authorization/unlock method such as biometrics and the framework passkeys/web apps use which is called WebAuthN which is in eventlog as...
'Applications and Services Logs' > Microsoft > WebAuthN > Operational
I beleive event id 1003 is the beginning of a passkey assertion request which should be followed by an 1103 which identifies the relaying party (your web app)
 

My Computer

System One

  • OS
    Windows 11
How are you authorizing the passkey? Does it prompt for a pin, finger print or key etc?
When I click on 'Use a passkey' (photo 1) a popup shows (photo 2) with a list of options to select. I select my phone and a QR code is shown on the Windows screen and I am asked to scan it using my phone (It is the same phone that I used to create the passkey in the first place so it should contain the correct passkey). I do this but get the 'Something went wrong' message.

Amazon PK Sign-In1.png

Amazon PK Sign-In3.png
 

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP EliteDesk 705 G5
    CPU
    AMD Ryzen 5 Pro 3400GE
    Memory
    8GB DDR4 SDRAM
    Graphics Card(s)
    Integrated AMD Radeon Vega 11
    Hard Drives
    256 GB PCIe NVMe M.2 SSD
  • Operating System
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    DELL Inspiron 15-3576
    CPU
    Intel Core i5-8250U
    Memory
    8 GB DDR4 - 2400 SODIMM
    Graphics card(s)
    Intel UHD Graphics 620
    Hard Drives
    256GB SK Hynix SC311 SATA SSD
In Event Viewer I can see 'Error' for Event ID 1025, which states that 'Key does not exist'. It must have existed because the passkey was created successfully. See post #1. All I did was sign-out of Amazon so does this action delete the passkey? Do I have to create a new passkey?

Error1.png
 

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP EliteDesk 705 G5
    CPU
    AMD Ryzen 5 Pro 3400GE
    Memory
    8GB DDR4 SDRAM
    Graphics Card(s)
    Integrated AMD Radeon Vega 11
    Hard Drives
    256 GB PCIe NVMe M.2 SSD
  • Operating System
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    DELL Inspiron 15-3576
    CPU
    Intel Core i5-8250U
    Memory
    8 GB DDR4 - 2400 SODIMM
    Graphics card(s)
    Intel UHD Graphics 620
    Hard Drives
    256GB SK Hynix SC311 SATA SSD
You are selecting the 'My Phone name' correct? This should prompt on your phone provided you saved it on the phone via some password manager, authenticator or wallet.

Replying to your last message...
Go into Settings > Accounts > Passkeys
You should have one for amazon.co.uk

If you do not it's probably not setup correctly. Remove and re add it, you should also end at a "Passkey saved" message on Windows
 

My Computer

System One

  • OS
    Windows 11
I ran through the "My Phone setup" and had no issues. If you do not save it though you will end up with a "something went wrong" in Windows.
 

My Computer

System One

  • OS
    Windows 11
I'll look into it over the weekend. Thanks.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP EliteDesk 705 G5
    CPU
    AMD Ryzen 5 Pro 3400GE
    Memory
    8GB DDR4 SDRAM
    Graphics Card(s)
    Integrated AMD Radeon Vega 11
    Hard Drives
    256 GB PCIe NVMe M.2 SSD
  • Operating System
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    DELL Inspiron 15-3576
    CPU
    Intel Core i5-8250U
    Memory
    8 GB DDR4 - 2400 SODIMM
    Graphics card(s)
    Intel UHD Graphics 620
    Hard Drives
    256GB SK Hynix SC311 SATA SSD
From which device did you create your Amazon passkey?

Is an Amazon passkey listed in Windows at Settings, Accounts, Passkey settings?
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
From which device did you create your Amazon passkey?

Is an Amazon passkey listed in Windows at Settings, Accounts, Passkey settings?
Initially I used my ‘Motorola Edge 40’ Android 14 phone to do it and it was saved to my phone.
There are no passkeys stored on my HP desktop Windows device. That's not for the want of trying.
I have tried now about 12 times and always get the same failure.

In my attempts to create a passkey for Amazon on my HP desktop device I have used Firefox, Vivaldi, Brave, Edge and Google Chrome browsers.

After the sixth attempt I realised that phone & Windows device must be connected via Bluetooth so I made sure that Bluetooth was ‘On’ on both phone and Windows device and paired them.
The odd thing was that my ‘Motorola Edge 40’ phone showed up as an ‘LG’ device in Windows Bluetooth device listing? Because of this I removed the LG from the list of connected devices and I now find that phone cannot pair with HP desktop. Maybe it's this inability to connect via bluetooth and pass the security checks that is stopping me.

This is really stressing me out. I have been trying since yesterday so I think I will give up and stick with username/PW/OTP method.

I know passkeys are safer but it is what it is and I do not intend to lose sleep over it. At some future date we may be forced to use passkeys and I do not know what I will do then.

Thanks anyway.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP EliteDesk 705 G5
    CPU
    AMD Ryzen 5 Pro 3400GE
    Memory
    8GB DDR4 SDRAM
    Graphics Card(s)
    Integrated AMD Radeon Vega 11
    Hard Drives
    256 GB PCIe NVMe M.2 SSD
  • Operating System
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    DELL Inspiron 15-3576
    CPU
    Intel Core i5-8250U
    Memory
    8 GB DDR4 - 2400 SODIMM
    Graphics card(s)
    Intel UHD Graphics 620
    Hard Drives
    256GB SK Hynix SC311 SATA SSD
I just had a thought: Should I be using my phone to set up passkeys rather than the Windows 11 device? I know it worked with Amazon and when I signed into Amazon on my Windows device I'm sure that I had to scan a QR code on the Windows device with my phone but this is using the PK on the phone, not the Windows device and synching via QR code.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP EliteDesk 705 G5
    CPU
    AMD Ryzen 5 Pro 3400GE
    Memory
    8GB DDR4 SDRAM
    Graphics Card(s)
    Integrated AMD Radeon Vega 11
    Hard Drives
    256 GB PCIe NVMe M.2 SSD
  • Operating System
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    DELL Inspiron 15-3576
    CPU
    Intel Core i5-8250U
    Memory
    8 GB DDR4 - 2400 SODIMM
    Graphics card(s)
    Intel UHD Graphics 620
    Hard Drives
    256GB SK Hynix SC311 SATA SSD
I was incorrect in my initial thoughts when you use "a phone", your computer only facilities where the 'web app' aka Amazon will contact for the pass key challenge, so it's saved exclusively on your phone. The web app merely is asking Windows which device to use for your pass key which results in the web app and the phone communicating on a back channel (independent of your Windows device )
 

My Computer

System One

  • OS
    Windows 11
When you scanned the QR code did you get prompted on the phone to save the passkey? If not then this may be a phone issue
 

My Computer

System One

  • OS
    Windows 11
I'll look into it tomorrow. My head is currently scrambled.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP EliteDesk 705 G5
    CPU
    AMD Ryzen 5 Pro 3400GE
    Memory
    8GB DDR4 SDRAM
    Graphics Card(s)
    Integrated AMD Radeon Vega 11
    Hard Drives
    256 GB PCIe NVMe M.2 SSD
  • Operating System
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    DELL Inspiron 15-3576
    CPU
    Intel Core i5-8250U
    Memory
    8 GB DDR4 - 2400 SODIMM
    Graphics card(s)
    Intel UHD Graphics 620
    Hard Drives
    256GB SK Hynix SC311 SATA SSD
I think I know what is happening at last: -
I expected to be able to save PKs to my Windows device but it is not possible. I am able to save them on my Android device so that is the only option I have. At least I know now. See photo and pdf file as to why.

PKs cannot be created on this device (Google).png
 

Attachments

  • Can't save passkeys on Windows PCs.pdf
    129.1 KB · Views: 0

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP EliteDesk 705 G5
    CPU
    AMD Ryzen 5 Pro 3400GE
    Memory
    8GB DDR4 SDRAM
    Graphics Card(s)
    Integrated AMD Radeon Vega 11
    Hard Drives
    256 GB PCIe NVMe M.2 SSD
  • Operating System
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    DELL Inspiron 15-3576
    CPU
    Intel Core i5-8250U
    Memory
    8 GB DDR4 - 2400 SODIMM
    Graphics card(s)
    Intel UHD Graphics 620
    Hard Drives
    256GB SK Hynix SC311 SATA SSD
but I then wondered what would happen if I signed-out of Amazon and then sign back in again? I decided to try it out.

In Firefox I signed out okay but could not sign back in again using the PK. I tried twice. Both times I was asked to scan a QR code using my phone and both failed.
I still haven't figured this part out though. Here is what Nik Rawlinson states in his Computer Active article: -
"Once set up the PK will be unlocked on your phone each time you unlock your phone. Although created on Android device the PK is stored in your Google account so synchronisation means the PK will also be used to sign into Amazon on Windows 11 devices."

Update 20th July 2024, 13:35 - I recreated a PK for my Amazon account on my Android phone and I can see it is saved there. The words in blue above state that the PK is stored in your Google account but when I look at my Google account on the Windows PC the PK does not show? Synchronization is enabled on my phone but all I see is as per photo. Bear in mind I was not trying to create a PK, I was only looking to see if one was stored there: -

PKs cannot be created on this device (Google).png
 
Last edited:

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP EliteDesk 705 G5
    CPU
    AMD Ryzen 5 Pro 3400GE
    Memory
    8GB DDR4 SDRAM
    Graphics Card(s)
    Integrated AMD Radeon Vega 11
    Hard Drives
    256 GB PCIe NVMe M.2 SSD
  • Operating System
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    DELL Inspiron 15-3576
    CPU
    Intel Core i5-8250U
    Memory
    8 GB DDR4 - 2400 SODIMM
    Graphics card(s)
    Intel UHD Graphics 620
    Hard Drives
    256GB SK Hynix SC311 SATA SSD
@wiganken


I would suggest that NOT being an early adopter of these new fangled security methods, would be a good thing.

There seem to be quite a few unaccounted for, issues with a lot of these methods.
Like PK for example. Give it a few months or years until they get ALL the bugs worked out.

I been using the old... user name/password method for 25+ years.
It has "never" failed, thrown up errors, etc.

As grandpa used to say: "Dance with the girl that brung ya". :cool:

Early adoption is fine, if you have a LOT of time on your hands and a LOT of patience.
In the case of security... the 'girl that brung ya' to the dance, is... the user name/password method.
 

My Computers

System One System Two

  • OS
    Win 11 Home ♦♦♦22631.4112 ♦♦♦♦♦♦♦23H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® [May 2020]
    CPU
    AMD Ryzen 7 3700X
    Motherboard
    Asus Pro WS X570-ACE (BIOS 4702)
    Memory
    G.Skill (F4-3200C14D-16GTZKW)
    Graphics Card(s)
    EVGA RTX 2070 (08G-P4-2171-KR)
    Sound Card
    Realtek ALC1220P / ALC S1220A
    Monitor(s) Displays
    Dell U3011 30"
    Screen Resolution
    2560 x 1600
    Hard Drives
    2x Samsung 860 EVO 500GB,
    WD 4TB Black FZBX - SATA III,
    WD 8TB Black FZBX - SATA III,
    DRW-24B1ST CD/DVD Burner
    PSU
    PC Power & Cooling 750W Quad EPS12V
    Case
    Cooler Master ATCS 840 Tower
    Cooling
    CM Hyper 212 EVO (push/pull)
    Keyboard
    Ducky DK9008 Shine II Blue LED
    Mouse
    Logitech Optical M-100
    Internet Speed
    300/300
    Browser
    Firefox (latest)
    Antivirus
    Bitdefender Internet Security
    Other Info
    Speakers: Klipsch Pro Media 2.1
  • Operating System
    Windows XP Pro 32bit w/SP3
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® (not in use)
    CPU
    AMD Athlon 64 X2 5000+ (OC'd @ 3.2Ghz)
    Motherboard
    ASUS M2N32-SLI Deluxe Wireless Edition
    Memory
    TWIN2X2048-6400C4DHX (2 x 1GB, DDR2 800)
    Graphics card(s)
    EVGA 256-P2-N758-TR GeForce 8600GT SSC
    Sound Card
    Onboard
    Monitor(s) Displays
    ViewSonic G90FB Black 19" Professional (CRT)
    Screen Resolution
    up to 2048 x 1536
    Hard Drives
    WD 36GB 10,000rpm Raptor SATA
    Seagate 80GB 7200rpm SATA
    Lite-On LTR-52246S CD/RW
    Lite-On LH-18A1P CD/DVD Burner
    PSU
    PC Power & Cooling Silencer 750 Quad EPS12V
    Case
    Generic Beige case, 80mm fans
    Cooling
    ZALMAN 9500A 92mm CPU Cooler
    Mouse
    Logitech Optical M-BT96a
    Keyboard
    Logitech Classic Keybooard 200
    Internet Speed
    300/300
    Browser
    Firefox 3.x ??
    Antivirus
    Symantec (Norton)
    Other Info
    Still assembled, still runs. Haven't turned it on for 13 years?
I think you are right. I'll forget about PKs for the next year or so.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP EliteDesk 705 G5
    CPU
    AMD Ryzen 5 Pro 3400GE
    Memory
    8GB DDR4 SDRAM
    Graphics Card(s)
    Integrated AMD Radeon Vega 11
    Hard Drives
    256 GB PCIe NVMe M.2 SSD
  • Operating System
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    DELL Inspiron 15-3576
    CPU
    Intel Core i5-8250U
    Memory
    8 GB DDR4 - 2400 SODIMM
    Graphics card(s)
    Intel UHD Graphics 620
    Hard Drives
    256GB SK Hynix SC311 SATA SSD
I expected to be able to save PKs to my Windows device but it is not possible.

It should be. I've done it for Microsoft, Google and other accounts for more than five years.

How do you sign in to Windows? (Password, PIN, Face or Fingerprint.)
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
There seem to be quite a few unaccounted for, issues with a lot of these methods.
Like PK for example. Give it a few months or years until they get ALL the bugs worked out.
The only problem with passkeys is incorrect or incomplete instructions because they're not yet widely used.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
Back
Top Bottom