Don’t Be Vulnerable: Registering Phishing-Resistant Passkeys for Android Devices

 

Alex, the ever-diligent Global Administrator, took on the task of registering a phishing-resistant passkey for their Android device using the Microsoft Authenticator app. After enabling the necessary company authentication policies, Alex downloaded the app from the Google Play Store and followed the intuitive steps: adding their work account, signing in with credentials, and creating a secure passkey. With multi-factor authentication enhancing security, Alex completed the process by configuring additional options like QR code linking, ensuring no step was overlooked. Finally, setting up a lock screen added a robust layer of protection. Completing the registration filled Alex with pride—not just for securing their device but for paving the way for safe digital practices across their organization. The Microsoft Authenticator app proved its worth as a vital ally in safeguarding against phishing threats.

 

 

📲Option 1: Registering Passkey Authenticator for Android Devices

 

After enabling the right Authentication methods policies for registering devices for Phishing Resistant Passkey usage. Now you will need to register your device to be paired with a passkey. Make sure that you download Microsoft Authenticator from the Apples Official App Store.

 

 

1. Download the Microsoft Authenticator app from the Google Play Store.
2. If you are using the app for the first time, On the Secure Your Digital Life Screen, tap Add “work or school account.”
3. Sign-in to your account by clicking on the + button then select “Add account.”
4. Once your account has been added or you have already added your account to the Authenticator, then select “Create passkey.”
5. Complete the Multi Authentication process by entering your “Username” and “Password”, then click Next.

 

 

 

 

Already Using Microsoft Authenticator App

 

If you have previously utilized the Microsoft Authenticator application, you may add your account by selecting the “+ Add account” button and following the provided prompts. Additionally, if your organization has enabled QR Code functionality, you may use this method to link your device. Upon completion of the sign-in process, please proceed to the subsequent steps

 

 

Disclaimer: To register a passkey on your Android device, check your phone's settings for "Passkey" as the process can vary by model. Note that Android devices must run Android 15 or later to use this method. Devices with Android 14 or earlier are not compatible with passkey registration and will need an alternative authentication method.

 

 

Configuring Settings

 

 

 

 

 

 

 

 

 

 

 

 

 

     6. You can set up a lock screen by pressing the “Settings” button.

     7. Now you need to press the “Settings” button to enable the Authenticator Passkey                       Provider.

     8. Open “Settings” and clicks “Passwords & accounts.”

 

 

      9. Turn on the Authenticator as passkey provider by selecting the toggle to enable.

    10. Press the back icon to return to the Authenticator, then tap “Done.”

 

 

If you would like to learn more about your passkey and how you now can use this method to authenticate, click the “How to use passkey” button for more information. Now that you have successfully registered your passkey key you can sign-in with the assurance of security utilizing phishing resistant authentication.

 

 

 

📲Option 2: Passkey registration from Security info (Android)

 

 

Here is another way you can register your passkey. To register your passkey for the Microsoft Authenticator using the Security Info login, follow these steps:

 

1. Navigate to the Security Info
2. Click on the “ + Add sign-in method” button.
3. Select the option to add a new authentication method and choose "Passkey" from the list.
4. Click the Next button on the “Create Your Passkey in Microsoft Authenticator.”
5. In the authenticator app select the “Work or school account” you want to add the passkey.
6. Select “Create a passkey,” then follow the prompts to complete the instructions.

 

 

 

 

Once completed, you will have your authentication method properly set up. You can then authenticate with a managed device using the Microsoft Authenticator app. While this method can be used for emergency accounts, it is recommended to utilize a FIDO2 security key USB that is compatible with Microsoft for enhanced security. Implementing this method within your organization helps mitigate phishing risks and promotes better security practices, thereby reducing your attack surface.

 

Conclusion

Registering a passkey through either the Microsoft Authenticator app or the Security Info login is an exciting and transformative way to secure your online identity! By enabling phishing-resistant multi-factor authentication (MFA), you’re taking a proactive step towards a safer digital experience. Embrace this cutting-edge technology with confidence, knowing that your accounts are now fortified against malicious intrusions. This is more than just security, it’s peace of mind, reinvented!

 

Hyperlinks 

• Register passkeys in Authenticator on Android and iOS devices - Microsoft Entra ID | Microsoft Learn
• Passkeys in Microsoft Authenticator FAQs - Microsoft Entra ID | Microsoft Learn
• Enable passkeys in Authenticator for Microsoft Entra ID - Microsoft Entra ID | Microsoft Learn
• Configure a Temporary Access Pass in Microsoft Entra ID to register passwordless authentication methods - Microsoft Entra ID | Microsoft Learn