Passkey Authentication

Passkey authentication is a new, secure way to sign in without using traditional passwords and is required for confidential data processors and individuals who are responsible for critical university business. However, all members of the campus community are encouraged to take advantage of this service. Instead of remembering and typing passwords, passkeys use your device’s built-in security (like Face ID, fingerprint, or a PIN) to verify your identity. They’re faster, easier, and much harder for hackers to steal or guess. Passkeys work across phones, laptops, and websites, and can help protect your BSU account from phishing and other cyber threats. Think of it as a safer, smarter way to log in. Passkeys are safe, secure, and are considered to be the most secure form of MFA.

Overview

Please read this KnowledgeBase article carefully and send questions to security@bridgew.edu. 

Supported Passkeys

Windows Hello for Business

Windows Hello for Business is configured on all newly issued Windows laptops from the IT Division. Windows Hello for Business is a secure, passwordless way to sign in to your Windows devices and campus apps. Instead of using a password, you sign in with a PIN, fingerprint, or facial recognition that's tied to your device. It's faster, more convenient, and protects your account with strong encryption. 

Microsoft Authenticator App

The Microsoft Authenticator app now supports passkeys, making it easy to sign in without passwords. With passkeys securely stored in the app, you can sign in to your campus acounts by scanning a QR code on a device with Bluetooth enabled using a smartphone running Android 14 or later or iOS 17 or later.

Yubico YubiKey

A Yubikey is a small secure USB device that lets you sign in with a passkey by simply plugging it in or tapping it. It stores your passkeys safely on the device and works with USB or NFC (tap-to-phone) to verify your identity. YubiKeys are fast, phishing resistant, and great for anyone who wants a physical key to protect their campus accounts and data.

Do I need a Passkey? How do I choose?

The answer depends on your device and your requirements.

Personal devices
You can not use Windows Hello for Business on personal devices, which means you will need to either use a YubiKey or the Microsoft Authenticator app. 

BSU Laptop
Newly issued laptops have Windows Hello for Business enabled and are already storing your passkey for authentication. If your laptop does not have Windows Hello for Business, the IT Division can provide a YubiKey or a new laptop.

What if I need to authenticate from a personal device off-campus but don't have a smartphone?

Email security@bridgew.edu to request a YubiKey.

How do I configure the Microsoft Authenticator App to use a Passkey?

  1. Download and install the Microsoft Authenticator app from Apple's App Store or from the Google Play Store
  2. Select your BSU account in the Authenticator App
  3. Select "Create a passkey" under the "Other ways to sign in"Uploaded Image (Thumbnail)
  4. Click the "Sign in" button at the bottom
  5. Uploaded Image (Thumbnail)Sign in to your BSU account using MFA
  6. Your Passkey is now set up and configuredUploaded Image (Thumbnail)

Using your passkey from Microsoft Authenticator

  1. When prompted to enter your password when signing in, select "Use your face, fingerprint, PIN, or security key instead" above the sign in buttonUploaded Image (Thumbnail)
  2. To sign in with your Microsoft passkey, select "iPhone, iPad, or Android device" and then select "Next"Uploaded Image (Thumbnail)
  3. If Bluetooth isn't enabled on your device, it will prompt you to turn it on. Select the "Turn on Bluetooth" button to proceed.Uploaded Image (Thumbnail)
  4. Scan the QR code on your screen using your mobile device. Simply open your camera app, aim it at the QR code, and select "Sign in with a passkey" at the bottom of your phone screen
  5. You will not be signed into your BSU account

How do I configure a Yubico YubiKey for my BSU account?

  1. Navigate to https://mysignins.microsoft.com/security-infoUploaded Image (Thumbnail)
  2. Click "+ Add sign-in method" under Security InfoUploaded Image (Thumbnail)
  3. Under "Add a sign-in method" select "Security Key"
  4. Uploaded Image (Thumbnail)Under Security Key, select "USB Device"Uploaded Image (Thumbnail)
  5. A window called "Windows Security" will popup, select "Security Key"
  6. Insert your YubiKey into your computer and enter your passwordUploaded Image (Thumbnail)
  7. Touch your YubiKey on the yellow center to continue.
  8. Give your YubiKey a descriptive name you'll rememberUploaded Image (Thumbnail)

Using your YubiKey

  1. When signing into your BSU account, enter your email as you normally would doUploaded Image (Thumbnail)
  2. Select "Use your face, fingerpint, PIN, or security key instead"Uploaded Image (Thumbnail)
  3. Select "Security key" and insert your YubiKey into your computer and type in your PIN to authenticate
  4. Touch your YubiKey to authenticateUploaded Image (Thumbnail)

How do I enroll my BSU owned device in Windows Hello for Business?

To begin the process of enrolling in Windows Hello for Business, please follow the steps below:

  1. Submit your device information to security@bridgew.edu with the following information:
    • Your computer's hostname (typically found in system settings)
    • If you are unable to locate your hostname, please provide your laptop's model number instead
  2. Wait for configuration confirmation
    • Once your device has been properly configured, you will receive a confirmation email from the BSU IT Security Team
  3. Complete enrollment on-campus
    • Bring your laptop to campus and reboot your device while connected to the BSU network

This reboot will initiative the enrollment process into Windows Hello for Business, enabling secure PIN-based authentication. 

If you have any questions or encounter issues during this process, please reach out to us at security@bridgew.edu for assistance.

 

Print Article