The PIN and passkey prompts are part of Microsoft’s passwordless sign-in. They can’t be fully removed if the organization requires them, but several actions can resolve the sign-in failures and reduce how often they appear.
- Verify the account type and device support
  - For a work/school account, passkeys and PINs are controlled by the organization. If the admin has enabled passwordless sign-in, the prompts are expected.
  - Passkeys are supported only on certain platforms and authenticators. If using an unsupported device or browser, sign-in can fail and show PIN/username errors.
  - Supported work/school devices include:
    - Windows 10 and newer
    - macOS Ventura and newer
    - ChromeOS 109 and newer
    - iOS 16 and newer (passkeys in Microsoft Authenticator require iOS 17+)
    - Android 9 and newer (passkeys in Microsoft Authenticator require Android 14+)
    - Hardware security keys that support FIDO2
- Try signing in with a different method once
  When the module redirects to sign-in:
  - On the Microsoft sign-in page, choose Sign-in options or Other ways to sign in.
  - Select a different method (for example, password, Microsoft Authenticator, or security key) instead of the PIN/passkey.
  - Complete sign-in, then let the page return to the module.
  If this works, the issue is likely with a specific passkey or PIN credential, not the username.
- Check for invalid or orphaned passkeys
  If the passkey stored on the device is no longer valid for the account, Microsoft may show errors like “We couldn’t use your device to verify your identity” or that the passkey can no longer be used.
  For a work/school account:
  - Go to Security info at https://mysignins.microsoft.com/security-info.
  - Under Sign-in methods, look for any Passkey or Passkey in Microsoft Authenticator entries that no longer apply (old devices, old keys).
  - Select Delete for those passkeys.
  - Then remove the corresponding passkey from the device or authenticator (for example, delete it from the phone’s passkeys list or from a hardware security key).
  - Sign in again to the module and choose Sign-in options → another method (password or Authenticator) to confirm access.
  If sign-in now works, optionally re-add a fresh passkey from Security info using Add sign-in method → Passkey or Passkey in Microsoft Authenticator.
- Fix “passkey no longer valid” or similar errors
  If messages indicate the passkey is not found, can no longer be used, or is no longer valid:
  - On the mobile authenticator or device where the passkey is stored, delete any passkeys that no longer apply to this work account.
  - Set up a new passkey for the work account from Security info.
  - Try the module again and select the new passkey when prompted.
- Reducing or avoiding PIN/passkey prompts
  - If the organization allows passwords, using Sign-in options and choosing password or another method can avoid the PIN/passkey prompt for that session.
  - If the organization has enforced passwordless sign-in, completely removing PIN/passkey is not possible; the admin would need to change policy.
  - If a passkey was created on the wrong profile (for example, personal vs work profile on Android), recreate the passkey in the correct work profile so the correct credential is used.
- When to contact the organization’s IT/admin
  Contact the work IT/helpdesk if:
  - The sign-in page always rejects the correct username and PIN, even after deleting and recreating passkeys.
  - Password sign-in is blocked and only PIN/passkey is allowed, but those methods fail.
  - The device or browser should be supported but still cannot complete passkey sign-in.
  Provide IT with:
  - The exact error text shown when the PIN/passkey fails.
  - Whether sign-in works from another device or browser using Sign-in options → password or Authenticator.