Passkeys added to the Windows 11 Account settings don't show date created?


win11freak

As the Thread Subject says, why doesn't my Windows Hello passkey, which I created through my MS Account security page, show the date created?

The only option is to Delete a passkey but no creation date.

On the MS Account security section under Manage How I Sign in, the Windows Hello passkey shows the date created there, but not when I go into the Account section in Windows 11.
 

My Computer

System One

  • OS
    Windows 11 Pro 22H2
I don't know why, but I want to note that what I see on my account is different from yours.

Yes, ALL the passkeys kept by Windows Hello don't show any creation dates.

On my "Manage how I Sign in" page, it only shows passkeys (with dates) for any non-Windows Hello passkeys (such as on a security key) for the account. For Windows Hello passkeys, it doesn't show ANYTHING at all; there are no indications of which machine I can log into my MS account with Windows Hello. The only option to invalidate the Windows Hello passkeys is to "Reset Windows Hello on all of my Windows devices," supposedly resetting ALL passkeys stored with Windows Hello on ALL devices.
I hate how Microsoft thinks MS account security should be managed with a passion. If my account is taken over, it's probably hard to get rid of the attackers because I will miss resetting some options here and there. If they are competent (they probably are reading from an attack manual anyway), I would lose all access to this account regardless of how I set it up.

The only indication I have is to click on the "Devices" page, which shows all the Windows devices I have logged into using my MS account.
 

My Computer

System One

  • OS
    Windows 11 Pro 25H2
    Computer type
    PC/Desktop
> For Windows Hello passkeys, it doesn't show ANYTHING at all

I just performed a test myself, since I have other ways to sign in to my MS Account that prevent me from being locked out of my account.

I went to the How I Manage to Sign In page on the MS Account Security, and REMOVED the Windows Hello passkey option. However, under the Windows 11 Account Settings page for Passkeys, I did NOT remove that. Then I signed out and signed back in, even in a New InPrivate Window using the Edge browser, and I was still able to sign in using the Windows Hello passkey.

But this leaves us asking ourselves why this is.

Perhaps the Windows Hello passkeys are stored on the TPM of each machine? Is the TPM where Windows Hello saves all the passkeys?
Like mentioned, I did not delete the login.microsoft.com passkey entry that was added from the Windows 11 Account Passkey page. Only from the MS Account Security - Manage How I Sign-In.

EDIT >>> I even tried deleting the login.microsoft.com passkey entry from the Windows 11 Account Passkey page, and it tells me this passkey cannot be deleted as it is being used to sign in on this device, even though I removed the Windows Hello passkey entry from the MS Account Security page. This leads me to guess that the Windows Hello passkeys are actually stored in the TPM of the device. But, please correct me if I am wrong.

EDIT-2 >>> Ok, now it seems to make more sense. I am still using the Windows Hello PIN as my main Sign In to my device/laptop, so I guess this would be why I am still able to sign in to my MS Account services such as Outlook with the Windows Hello PIN even though I removed it from the MS Account Security page under Manage How I Sign In.


I am using a LOCAL ACCOUNT to Sign In to my machine.

If someone knows more about this topic, please add your expertise - I would appreciate it.
 
If you have other ways to sign in, I suggest you try "Reset Windows Hello on all of my Windows devices," log out on the browser, close the browser (making sure it's completely killed), restart it, and try logging in incognito mode. See if the passkey retained on Windows still works.
 

> If you have other ways to sign in, I suggest you try "Reset Windows Hello on all of my Windows devices," log out on the browser, close the browser (making sure it's completely killed), restart it, and try logging in incognito mode. See if the passkey retained on Windows still works.
Will this also wipe out the Windows Hello PIN for signing into my laptop?
 

I just tested it. Your Windows login won't be affected, but you can't authenticate against your Microsoft account with any PC's Windows Hello that you previously could.

Interestingly, this time, when I added the Windows Hello passkey back, it showed up in the passkey list. You will have to authenticate and add Windows Hello back to the passkey list to use it for authentication again.

I personally think Microsoft treats Windows Hello passkeys differently when used against MS accounts. Even if your computer isn't listed, even by deleting the key, you may be able to use it until you "Reset Windows Hello on all of my Windows devices."

When you are dealing with passkeys with a Microsoft account, remember there is a relying-party (Microsoft account server) component and an authenticator (Windows Hello) component. The relying party keeps the passkey's public key and associated data. The authenticator keeps the private key and associated data. Windows Hello protects the passkeys with the help of TPM; it doesn't necessarily keep all the private keys in the TPM. You virtually have no limit on how many passkeys you can store on Windows, and the private information can't ALL be kept on the LIMITED hardware. Windows is using some kind of multi-tier key structure, using the TPM to protect the data it keeps on disk. This is in comparison with hardware security keys, which I think can only keep up to 100 discoverable passkeys on some models.

When you delete the passkey from the relying party, the deletion doesn't propagate to the authenticator; you will have to delete the credential from the authenticator manually if you want to reclaim the slot. There was a web article recently that listed this issue as one of the hiccups with passkeys.
 
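The relying-party/authenticator split described in the post above, as an added example that is not part of the thread and is not Microsoft's or Windows Hello's code: a constructed model in which the server record and the device record are deleted independently, plus an audit that reports credentials left on only one side. The class names, the placeholder key strings and the `audit` helper are assumptions for illustration, and the signature check is omitted.

```python
import base64
import secrets

def canon(cred_id: str) -> bytes:
    """Decode a base64url credential ID whether or not it carries '=' padding."""
    return base64.urlsafe_b64decode(cred_id + "=" * (-len(cred_id) % 4))

class RelyingParty:
    """Server side: keeps only the public half, indexed by credential ID."""
    def __init__(self, rp_id):
        self.rp_id, self.creds = rp_id, {}

    def register(self, cred_id, public_key, label):
        self.creds[canon(cred_id)] = (public_key, label)

    def delete(self, cred_id):
        # Removes the server record only; nothing is sent to the authenticator.
        self.creds.pop(canon(cred_id), None)

    def accepts(self, cred_id):
        # Assertion verification starts with this lookup: an unknown ID is
        # rejected before any signature check (that step is not modelled here).
        return canon(cred_id) in self.creds

class Authenticator:
    """Device side: keeps the private half, keyed by (rp_id, credential ID)."""
    def __init__(self):
        self.store = {}

    def create(self, rp):
        raw = secrets.token_bytes(16)  # constructed credential ID
        self.store[(rp.rp_id, raw)] = "private-key-placeholder"
        cred_id = base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
        return cred_id, "public-key-placeholder"

    def holds(self, rp_id, cred_id):
        return (rp_id, canon(cred_id)) in self.store

def audit(rp, authenticator):
    """Compare both sides for one relying party and count the mismatches."""
    device = {cid for (rid, cid) in authenticator.store if rid == rp.rp_id}
    server = set(rp.creds)
    return {
        "usable": len(device & server),              # present on both sides
        "orphaned_on_device": len(device - server),  # server deleted, slot still used
        "server_only": len(server - device),         # key lives on another authenticator
    }
```

After an account incident, the `server_only` entries are the ones to account for one by one, since each is a key held by some authenticator other than the device being audited.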
I actually REMOVED my Windows Hello PIN from the Windows Sign-In Options and then managed to delete the MS Account passkey entry from the Windows Account Passkey setting and then re-added the Windows Hello Passkey again from the MS Account Security page. Now Windows Hello shows up on the Manage Ways to Sign In entry list on the MS Account Security page.

I was afraid to use the "Reset Windows Hello on all of my Windows devices" as suggested; since I am using a LOCAL ACCOUNT to sign in to my PC, I was just afraid to perform this method.

Appears to be all good now.

Thanks for the suggestions and help.
 
