It is a priority to keep your data safe and secure. Find out how secure passkeys are with our FAQs below.

Security and privacy questions

Is my biometric data shared?

No, your fingerprint or face identification data stays on your device only and is never shared with 51³Ô¹ÏÍø or Microsoft.

What data is stored when I use a passkey?

When you create a passkey, two pieces of information are created:

1. The private key:

  • stays securely on your device (e.g. desktop, laptop, phone or hardware key).
  • is protected by your device’s security (i.e. PIN, fingerprint, or face recognition).
  • is never shared or sent anywhere.

2. The public key:

  • is stored by the service (e.g. Microsoft 365) you are signing in to.
  • cannot be used to access your account on its own.  
Can someone access my account if they have my device?

If someone gets hold of your device, they can only unlock it using your face ID, fingerprint or PIN. (This is unlikely to happen unless you are under duress.

Please ensure your devices (which are not shared with others):

Other shared evices do not have the ability to use device-bound authentication.

Will MFA One-Time Password (OTP) using the Microsoft Authenticator app still be used?

Yes, the Microsoft Authenticator app (get from or store) will still be used for Multi Factor Authentication (MFA) when a passkey is unavailable or cannot be used. 

You may need to use MFA through the Microsoft Authenticator app, which will auto revert to number matching, if one or more of the following conditions apply:

  • You have not yet set up a passkey.
  • You are using a new or unregistered device.
  • Your device does not support passkeys (see Passkey and device compatibility FAQs)
  • You are signing in from a shared or restricted device.
  • The application or service you want to log in to does not support passkeys. 
  • You have reached your passkey limit (more than 10 devices).
  • There is a security check or unusual sign-in activity on your account.
Will One Time Password (OTP) via email, phone call or SMS still be used?

No. To strengthen 51³Ô¹ÏÍø’s security, all existing users will be moved to passkeys or MFA via the Microsoft Authenticator app by the end of July 2026.

See How to setup and use your passkey

Why are my existing phone or SMS authentication methods removed once I have added a passkey?

When a passkey is added to your account, it promotes the passkey to the primary (phishing-resistant) authentication method and removes phone or SMS One  Time Pasword (OTP), as these are less secure authentication methods that can be easily phished.

 

More Passkey FAQs

What devices and passkey types can I use?

Find out more details about what devices and operating systems can be set up with a passkey, and the types of passkeys available for you to use, including types of hardware keys.

FAQs on devices and passkey types

51³Ô¹ÏÍø’s Passkey rollout FAQs

Find out what a passkey is and why 51³Ô¹ÏÍø is rolling out passkeys.

Passkeys rollout FAQs

How to setup and use your passkey

Find out how to set up and use your passkey. This covers everything from installing passkeys using the MS Authenticator app, Windows, Macs or using a hardware key as an alternative method.

FAQs for setting up your passkey

HoDs, Line Managers and Passkey Champions FAQs

If you are a Passkey Champion or you are promoting Passkeys to your department, we have created these FAQs to help support you, from checking adoption rates to following up with anyone who hasn't set up a Passkey.

FAQs about championing passkeys

Using passkeys when abroad

If you have a question about using passkeys when abroad, especially if working in China you can refer to the FAQs to find out how to authenticate your 51³Ô¹ÏÍø account from overseas.

FAQs for using Passkeys abroad

Support and further guidance