Skip to content Skip to cookie consent banner
Logo Fachhochschule Dortmund

Instruction: Passkeys (device or cloud)

Updated at

A passkey replaces the traditional method of entering passwords and confirmation codes. You can log in easily and securely using your fingerprint (Touch ID) or face scan (Face ID) directly on your device.

What types of passkeys are there?

  1. Device-bound: The key is permanently anchored in an app (e.g. Microsoft Authenticator) or on a hardware stick. It cannot leave the device.

  2. Synchronised (especially for Apple users): These keys are encrypted and stored in a cloud (e.g. iCloud). The advantage is that they are automatically available on all linked devices and can be easily restored if the device is lost.

Device-bound passkeys

This variant offers isolated security for a specific device. The passkey is managed directly in the app on your smartphone.

Prerequisite:

  • Browser: Chrome, Microsoft Edge, Safari (not Firefox!)

  • Bluetooth must be enabled on your smartphone or tablet

  • Operating systems Android 14 or iOS 17 and higher

  • Set MS Authenticator app as password manager

Set up passkeys with MS Authenticator

  1. Sign in to your Microsoft account

    On your computer, open the Security Information section of your Microsoft account at https://mysignins.microsoft.com/security-info.

    Important! Please use Chrome, Microsoft Edge or Safari as your browser! Firefox does not yet support this functionality.

  2. Add login method

    In the Security Information section, click on the "Add Login Method" option.

    Screenshot der Sicherheitsinformationen in einem Microsoft-Konto. Neben dem Kennwort können über die Option "Anmeldemethode hinzufügen" weitere Sicherheitsmaßnahmen wie eine Authenticator-App oder ein Passkey eingerichtet werden.

  3. Master key in Microsoft Authenticator

    Select "Master key in Microsoft Authenticator" from the list.

    Modalfenster mit verschiedenen Optionen zur Erhöhung der Konto-Sicherheit.Neben dem Hauptschlüssel in der Microsoft Authenticator-App, die für diesen Case ausgewählt werden soll, stehen ein Sicherheitsschlüssel und eine Authenticator-App zur Verfügung.

  4. Install the MS Authenticator app

    Do you already have the MS Authenticator app on your smartphone or tablet? Then you can skip this step by clicking "Continue".

    Otherwise, open the App Store (for iOS) or Google Play Store (for Android) on your smartphone or tablet. Search for "Microsoft Authenticator" and download the app.

    Then click "Next" on your desktop screen.

    Authenticator dem Konto hinzufügen

  5. Open the Microsoft Authenticator app

    Now open the Authenticator app on your smartphone or tablet.

    If you are using the app for the first time: Tap the plus sign (+) in the top right corner and select ‘Business or school account’.

    Follow the instructions to add your account (e.g. vorname.nachname@fh-dortmund.de) using a QR code.

    Screenshot der Microsoft Authenticator App zeigt das Plus-Symbol in der oberen rechten Ecke. Dieses Symbol muss ausgewählt werden, um einen neues Konto hinzuzufügen

  6. Create passkey

    Tap on your already added FH account in the app.

    Under "Other ways to sign in", select the option "Create passkey" and follow the installation dialogue.

    Screenshot der Authenticator-App, der anzeigt, dass ein Geschäftskonto erfolgreich hinzugefügt wurde.

  7. Master key successfully generated

    Please return to the browser window and click on "Continue".

    You will receive the success message "Master key created". After that, the registration is successfully completed with "Done".

Signing in with a Microsoft Passkey in the Chrome browser (desktop computer)

  1. Open web browser

    Open your web browser (Chrome, Safari, Microsoft Edge).

    Log in to the intranet, for example: https://intranet.fh-dortmund.de/auth/azure/login

    As soon as the login screen appears, select your FH account.

    Anmeldebildschirm. Wählen Sie Ihr Konto aus der Liste aus.

  2. Select Passkey as your sign-in option

    To use passkeys for login, click on "Use smartphone or tablet".

    Anmeldebildschirm. Die Option

  3. Scan QR Code

    Scan the QR code with your smartphone or tablet on which you have set up your passkey via the app.

    The message "Passkey QR code: sign in with a passkey" will appear on your smartphone/tablet. Tap on it.

    Microsoft Fenster mit Hinweis "Scanne diesen QR-Code mit dem Gerät mit dem Passkey, den du für login.microsoft.com verwenden möchtest.

  4. Log in with a passkey

    A message will appear on your smartphone/tablet stating that you are logged in with your FH account at "login.microsoft.com".

    Click "Continue" and confirm the action with Touch ID.

    Done.

Synchronised passkeys

Unlike the device-bound version, synchronised passkeys are stored in a digital safe (cloud). This offers two major advantages: the keys are immediately available on all your devices, and if you lose a device, they can be easily restored.

Available storage options:

Depending on the system used, there are different providers for this synchronisation:

  • iCloud Keychain: Standard solution for Apple users (synchronisation between iPhone, iPad and Mac).

  • Google Password Manager: The solution for Android users and the Chrome browser.

  • KeePassXC/DX: Platform-independent; requires a suitable browser extension on your PC.

Note: Other third-party providers (password managers) can be set up on request by contacting support@fh-dortmund.de.

Passkeys for Apple users (Mac & iCloud)

The following describes the setup within the Apple ecosystem, as it is particularly seamlessly integrated into the operating system.

Requirements:

  • Hardware: Mac (with Touch ID) and an iPhone (with Face or Touch ID)

  • Operating system: At least macOS 13+ (Ventura) and iOS 16+

  • Synchronisation: iCloud > Passwords must be active and iCloud must be connected to both devices

    • System settings > [Your name] > iCloud > Passwords

Configuring the passkey on a Mac

  1. Open security options

    Open Safari/Chrome on your Mac and sign in at account.microsoft.com/security.

  2. Add login method

    Click on "Add login method".

    Screenshot der Sicherheitsinformationen in einem Microsoft-Konto. Neben dem Kennwort können über die Option "Anmeldemethode hinzufügen" weitere Sicherheitsmaßnahmen wie eine Authenticator-App oder ein Passkey eingerichtet werden.

  3. Select security key

    Select the option "Passkey/Master key" from the list and follow the dialogue by clicking "Next" (twice).

    Microsoft-Dialogfenster „Anmeldemethode hinzufügen“. Auswahloption für „Hauptschlüssel“ (Passkey) mit der Beschreibung: „Mit Gesicht, Fingerabdruck, PIN oder Sicherheitsschlüssel anmelden“.

  4. Add passkey

    Confirm the macOS system dialogue for creating a passkey for "microsoft.com" using Touch ID or Face ID.

    Browser-Dialogfeld „Add a passkey“ für die Website login.microsoft.com. Der Begleittext erklärt, dass Passkeys eine sicherere Alternative zu Passwörtern sind, die nicht geleakt oder gestohlen werden können, und dass der Passkey lokal im Passwort-Manager gespeichert wird.

  5. Name passkey

    After creation, Microsoft will ask you to give the passkey a name (e.g. "My MacBook Pro"). This name is used to uniquely identify the key.

    Screenshot eines Microsoft-Dialogfensters mit dem Titel „Ihren Hauptschlüssel benennen“. Es enthält ein Eingabefeld und den Hinweistext: „Geben Sie Ihrem Hauptschlüssel einen Namen, damit Sie ihn später leichter identifizieren können“.

  6. Done!

    The new passkey will now be permanently listed in your login methods on the Microsoft security page, where it can be managed or removed as needed.

    Ansicht der Microsoft-Sicherheitsinformationen. Der Screenshot zeigt den Hinweis, dass ein neu eingerichteter Passkey nach der Konfiguration als „iCloud Keychain“ (iCloud-Schlüsselbund) in der Liste der Anmeldemethoden erscheint.

Signing in with the passkey on Mac

  1. Open web browser

    Open your web browser (Chrome, Safari).

    Log in to the intranet, for example: https://intranet.fh-dortmund.de/auth/azure/login

  2. Enter/select email address

    After setting up, simply enter your email address on the Microsoft login page when logging in.

    Anmeldebildschirm. Wählen Sie Ihr Konto aus der Liste aus.

  3. Authentication via Face or Touch ID

    The system automatically prompts you to confirm via Face or Touch ID. You are logged in immediately – password-free and secure.

    System-Dialog zur Anmeldung bei microsoft.com mittels Passkey. Die Aufforderung „Sign in to microsoft.com with your passkey“ wird angezeigt, kombiniert mit der Anweisung, die Anmeldung per Touch ID (Fingerabdrucksensor) zu bestätigen.

Frequently asked questions

What happens if I lose my iPhone or Mac?

With synchronised passkeys (Apple)

Don't worry. Your passkeys are secured in iCloud Keychain. As soon as you sign in to a new Apple device with your Apple ID, your access will be automatically restored.

Security recommendation: Although access to the lost device is protected by biometrics, if it is definitely lost, you should consider renewing your most important passkeys (e.g. for banking or main email accounts) for security reasons and locking or erasing the lost device using Apple's "Find My" feature.

For device-bound passkeys (Microsoft Authenticator)

The protection is stricter here. You will need to reinstall the app on the new device and set up a new passkey for your FH account – either using an alternative MFA method or through IT support (support@fh-dortmud.de, +49 (0231) 9112-8888).

Also interesting

Contact support

Whether it's a technical problem, feature request or license inquiry, our IT support team will be happy to help!
Simply use the online forms linked below - the more precise your information, the better we can help you.

We are available by phone at our support hotline during the following service hours:

+49 (0231) 9112-8888

Monday - Thursday: 10:00 - 12:00, 13:00 - 15:00
Friday: 10:00 - 12:00

  • Report a technical problem

  • Submit a question

  • Request hardware

Ticket successfully submitted!

Thank you very much! Our IT support has received your request. We will contact you via email shortly. You can now close this note.

Please note that hardware requests can only be submitted by administrative staff. Employees from other departments are excluded from this process.

Request hardware

Should the requested device be ergonomic?
Details about the required device, e.g. left-handed or right-handed for ergonomic mouse; if possible, please attach a link to the desired device

Es sind nicht mehr als 5 Dateien erlaubt.

Where did the problem occur?

Es sind nicht mehr als 5 Dateien erlaubt.

Unfortunately, the form could not be submitted. Please check your input.

Choose tutorial