User manual:Microsoft passwordless login

From Trezor Wiki
Jump to: navigation, search

In this article, we will look at how to set up Trezor Model T to login to an online Microsoft account without entering any login credentials in your browser. This feature utilizes the FIDO2 authentification protocol, which is available on Trezor Model T, starting with the Firmware 2.1.6.

See also FIDO2



NoteThis feature is currently available only on Trezor Model T.


Important remarks before you start[edit]

What is FIDO2 passwordless login, and why should I bother?[edit]

Passwordless login is a type of authentification enabled by the FIDO2 standard. When implemented by an online service, it allows you to save the login credential on your security token (Trezor device in our case) and subsequently use it to skip the traditional entering of username and password when logging in.

The ultimate goal of this feature is to enable using various services without the need for a user-generated password.

Read more about FIDO2 in our glossary article "FIDO2" and in the blog article "Make Passwords a Thing of the Past"

Does this work with many configurations?[edit]

To use this feature, your setup has to meet a few requirements:

  • Windows 10 version 1809 or newer
  • Microsoft Edge browser
  • Initialized Trezor Model T with PIN protection enabled

Is this somehow tied to my recovery seed?[edit]

Yes, but unlike your wallet, the login credentials are not automatically backed up. If you lose or wipe your device, you might have to log in using traditional authentification methods (Username and password) and set up the security key again.

However, you can back up your FIDO2 credentials manually to bypass this possible inconvenience later. See FIDO2 Credentials for more information.

1. Visit live.com and sign in to your account[edit]

Visit the Microsoft site and sign in to your account.

FIDO2 MS Passwordless 0.png

Once signed in, notice a circular icon depicting your initials or avatar in the top-right part of the interface. In this section of the interface, you can access the settings of your profile, your account, or sign out.

Click on the icon and then onMy account.

FIDO2 MS Passwordless 1.png

2. Access the "Security settings"[edit]

Find the Security tab in the top part of the interface.

FIDO2 MS Passwordless 2.png

Not there yet. Click on More security options.

FIDO2 MS Passwordless 3.png

Scroll down and find the section called "Microsoft Hello and security keys".

Click on Manage your sign-in options.

FIDO2 MS Passwordless 4.png

Select +Set up a security key.

FIDO2 MS Passwordless 5.png

3. Set up your Trezor device as a security key[edit]

Prepare to use your Trezor Model T, select "USB device", then click Next.

FIDO2 MS Passwordless 6.png

Plug your Trezor and unlock it by tapping the touchscreen and entering the PIN code.

Then check the screen in your browser where you should see a prompt to initiate the communication with your Trezor. Click Continue.


Microsoft page now wants to save your login credentials on your Trezor device.

On your Trezor, check the login information and tap the green checkmark button to confirm and to continue.


Finally, choose a name for your Trezor, which will be remembered by your Microsoft account. Note that this does not have to match the name you have given your Trezor device when you set it up.

FIDO2 MS Passwordless 11.png

Fantastic! Everything is successfully set up. Your Trezor is now ready to be used for signing in to your account.

FIDO2 MS Passwordless 12.png

To log in to your account using Trezor Model T, select Sign in with a security key, connect your Trezor device, and confirm the action by tapping the green checkmark button .

FIDO2 MS Passwordless 13.png
Like Trezor? Get one here!