How is a passkey more secure than an emailed code for MFA?
How does a passkey secure my accounts?
Should I also configure a backup authentication method besides my passkey?
What if my mobile device is lost, broken, or replaced?
If I get a new mobile device, can I transfer my Microsoft Authenticator passkeys to the new device?
If I set up a passkey for my ECU account, then change my ECU password, do I need to update the passkey with the new password?
How is a passkey more secure than an emailed code for MFA?
Emailed codes, SMS texts and phone calls are easily compromised through interception, spoofing, social engineering and more. Passkeys use public-key cryptography (a form of encryption) and only work with the website or service with which they are registered. Therefore, attackers cannot use a fake website to intercept your encrypted data. Passkeys are a convenient and very secure form of account verification, second only to Yubikey security keys.
How does a passkey secure my accounts?
A passkey is a secure, password‑free sign‑in method that
- replaces your password with strong encryption so it is no longer stored on account servers, and
- replaces traditional multifactor authentication prompts by verifying your identity directly on your trusted device.
- Passkeys are stored securely on your phone or computer and are protected by your fingerprint, face scan, PIN, or device unlock.
- They only work with the website or service where they were created, which prevents phishing and fake login pages from stealing your credentials.
- After setup, sign in and approve the request on your device — fast, secure and easy.
Should I also configure a backup authentication method besides my passkey?
You have four passwordless methods of authentication:
- Yubikey security key
- Microsoft Authenticator app for mobile phone, phone call or text
- Windows Hello for Business (WHfB) for authentication when you log in to your ECU-managed Windows 11 computer and access SSO resources.
What if my mobile device is lost, broken, or replaced?
IMPORTANT: CONFIGURE MORE THAN ONE AUTHENTICATION METHOD FOR YOUR ECU ACCOUNT.
Your passkey is protected by your device and cannot be used without it. If your device is lost, broken, or replaced, sign in using another authentication method and remove the old passkey from your account settings. You can then set up a new passkey on your new device. Passkeys are easily replaced, and losing a device does not give anyone access to your account.
If I get a new mobile device, can I transfer my Microsoft Authenticator passkeys to the new device?
Microsoft Authenticator binds the passkeys to the device so they cannot be transferred to a new device. If you get a new mobile device, you will need to use an alternate authentication method and create a new passkey on the new device, and you may delete the old passkey from your ECU account.
If I set up a passkey for my ECU account, then change my ECU password, do I need to update the Passkey with the new password?
No. Passkeys do not use or store your password. Changing your ECU password does not affect your passkey, and no updates are needed. Your passkey continues to work independently of your password.