User manual:Microsoft passwordless login
In this article, we will look at how to set up Trezor Model T to login to an online Microsoft account without entering any login credentials in your browser. This feature utilizes the FIDO2 authentification protocol, which is available on Trezor Model T, starting with the Firmware 2.1.6.
See also FIDO2
Important remarks before you start
What is FIDO2 passwordless login, and why should I bother?
Passwordless login is a type of authentification enabled by the FIDO2 standard. When implemented by an online service, it allows you to save the login credential on your security token (Trezor device in our case) and subsequently use it to skip the traditional entering of username and password when logging in.
The ultimate goal of this feature is to enable using various services without the need for a user-generated password.
Does this work with many configurations?
To use this feature, your setup has to meet a few requirements:
- Windows 10 version 1809 or newer
- Microsoft Edge browser
- Initialized Trezor Model T with PIN protection enabled
Is this somehow tied to my recovery seed?
Yes, but unlike your wallet, the login credentials are not automatically backed up. If you lose or wipe your device, you might have to log in using traditional authentification methods (Username and password) and set up the security key again.
However, you can back up your FIDO2 credentials manually to bypass this possible inconvenience later. See FIDO2 Credentials for more information.
Visit the Microsoft site and sign in to your account.
Once signed in, notice a circular icon depicting your initials or avatar in the top-right part of the interface. In this section of the interface, you can access the settings of your profile, your account, or sign out.
Click on the icon and then onMy account.
2. Access the "Security settings"
Find the Security tab in the top part of the interface.
Not there yet. Click on More security options.
Scroll down and find the section called "Microsoft Hello and security keys".
Click on Manage your sign-in options.
Select +Set up a security key.
3. Set up your Trezor device as a security key
Prepare to use your Trezor Model T, select "USB device", then click Next.
Plug your Trezor and unlock it by tapping the touchscreen and entering the PIN code.
Then check the screen in your browser where you should see a prompt to initiate the communication with your Trezor. Click Continue.
Microsoft page now wants to save your login credentials on your Trezor device.
On your Trezor, check the login information and tap the green checkmark buttonto confirm and to continue.
Finally, choose a name for your Trezor, which will be remembered by your Microsoft account. Note that this does not have to match the name you have given your Trezor device when you set it up.
Fantastic! Everything is successfully set up. Your Trezor is now ready to be used for signing in to your account.
To log in to your account using Trezor Model T, select Sign in with a security key, connect your Trezor device, and confirm the action by tapping the green checkmark button .