Why am I unable to create my passkey and why do I get an error message?
We only support passkeys that comply with the FIDO2 standard and have been issued by certified platforms. Many password managers offer features similar to passkeys but are not FIDO2-certified – these cannot be used.
For example, FIDO2-compatible passkeys are supported by:
- Apple iCloud Keychain (on iPhones, iPads and Macs)
- Google Password Manager (on Android devices with an additional security check such as the Android SafetyNet Attestation)
- Windows Hello
- Hardware security keys such as YubiKeys (with FIDO2 certification)
Note: FIDO2-compatible passkeys can also be used on Samsung devices – provided they are stored via Google Password Manager. Other systems such as Samsung Pass or Samsung Wallet are not currently supported.
Problems on Windows - Steps to troubleshoot passkeys
1. Windows Hello (PIN) Is Required but Managed by Policy
When you use passkeys in Windows, they rely on Windows Hello (the local authentication framework that uses a PIN, fingerprint, or face). If Windows Hello PIN options are missing or restricted, then the passkey flow won’t offer a PIN option anymore.
Common reasons for this include:
Enterprise / Device Policies
- If your computer is joined to an organization (Azure AD / Intune) or has security policies applied, the PIN complexity and availability can be governed by those policies.
- Many corporate policies enforce a minimum PIN length (e.g., 6 or more digits), or even disallow PINs entirely in favor of biometrics or external authenticators. This can remove the option to use an 8-digit PIN in some flows.
Windows Hello Has Been Reset or Disabled
- If you did a PIN recovery, reset, or something reset your Hello credentials, Windows might temporarily hide or disable the PIN option until it’s re-provisioned.
2. Windows Hello PIN Settings May Have Changed
The PIN option appears in:
Settings → Accounts → Sign-in options → Windows Hello PIN
If that whole section is missing, it could be due to:
- Your Microsoft account is managed, and policies restrict Windows Hello PIN setup.
- Windows has marked the device as corporate and disabled PIN for security reasons.
- A TPM / Hello configuration problem — e.g., the credential container was corrupted or reset.
What You Can Try to Re-Enable the PIN Option
A. Re-Enable Windows Hello PIN
- Check Sign-in Options
  - Go to: Settings → Accounts → Sign-in options → Windows Hello PIN
  - If you see “Windows Hello PIN,” try to Add or Change it.
- Delete Corrupted PIN Data
  Sometimes the PIN credential container gets corrupted:
  - Open File Explorer and go to: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\NGC
  - Take ownership of the folder, delete its contents, and restart.
  - After reboot, Windows should prompt you to set up a new PIN.
- Remove and Re-add Your Account
  - Disconnect your work/school account (if present) under: Settings → Accounts → Access work or school
  - Restart and then re-add it — this can clear policy artifacts.
B. Use Group Policy / MDM (for Advanced Users or Admins)
If you are on a device with professional/enterprise controls, the PIN options might be regulated by:
- Group Policy
- Intune / MDM profiles
You might need to allow/adjust:
- Minimum PIN length
- PIN complexity settings
- Windows Hello for Business requirements
Adjusting these policies can bring back the ability to set whatever PIN length is required.
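To see which of these settings are in force before changing anything, the following read-only PowerShell check can be run from an elevated prompt. It is an added example, not part of the original guide or any vendor tool; it assumes the policy was delivered through Group Policy (settings pushed by Intune / MDM are stored elsewhere and are not read here), and the helper name Get-PolicyValue is illustrative.

```powershell
# Added example: read-only report of the Group Policy values that govern the Windows Hello PIN.
# Assumption: policy arrived via Group Policy; Intune / MDM settings live elsewhere and are not covered.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\PassportForWork'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent, i.e. the policy is not configured.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$report = [ordered]@{
    'Hello for Business (Enabled)'          = Get-PolicyValue $base 'Enabled'
    'Minimum PIN length'                    = Get-PolicyValue "$base\PINComplexity" 'MinimumPINLength'
    'Maximum PIN length'                    = Get-PolicyValue "$base\PINComplexity" 'MaximumPINLength'
    'Convenience PIN (AllowDomainPINLogon)' = Get-PolicyValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' 'AllowDomainPINLogon'
}

foreach ($k in $report.Keys) {
    $v = $report[$k]
    if ($null -eq $v) { $v = 'not configured' }
    '{0,-40} {1}' -f $k, $v
}

# Join state of the device and whether a Hello credential is provisioned for the current user.
dsregcmd /status | Select-String -Pattern 'AzureAdJoined|DomainJoined|NgcSet'
```

A minimum PIN length above the length you want to set, or Enabled set to 0, points to policy rather than a corrupted credential container; NgcSet : NO with no restricting policy points to Hello simply not being provisioned.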
Passkey vs. PIN — Not Exactly the Same Thing
A passkey isn’t literally “the PIN”. A passkey is a WebAuthn / FIDO2 credential that’s protected by Windows Hello. The PIN is used locally to confirm the user’s identity so that the passkey can be used.
So if the PIN option disappears, that doesn’t mean passkeys are gone — it means the local Windows Hello factor needed to authorize passkey use isn’t available.
Summary — Why the 8-Digit PIN Disappeared
You’re likely seeing this because:
- A policy or security setting changed (especially on corporate/managed devices)
- Windows Hello credentials were reset or corrupted
- Windows updated and changed how PIN options are surfaced
- The passkey flow hides PIN options when Windows Hello isn’t fully configured
If You Want It Back
Re-enable Windows Hello PIN in the Sign-in Options, or
Clear and re-provision the Windows Hello credential data so Windows can ask you to set it up again.
If your PC is managed by an IT department, you may need to contact them — organizational policies are often the reason Windows limits PIN configurations.