TOTP Apps vs Windows Hello Passkeys for 2FA
Privacy Guides Community [Unofficial]
May 12, 2026
Sorry, your question is a little bit hard to understand.
Are you asking whether TOTP with the app on your phone or Passkeys with Microsoft’s passkey storage is more secure?
To me, “Windows Hello” is a method to authenticate yourself on Windows and it doesn’t have anything to do with 2FA. Assuming I understood the question correctly, the answer is: It depends.
I personally wouldn’t trust Microsoft with anything security-related, and especially not to be the keeper of my passwords or Passkeys, but that is actually beside the point.
Passkeys are more secure because they cannot be phished; however, if your PC is compromised, they can be stolen.
Having to control two devices for authentication reduces risk, but you are using less hardened technology with TOTP.
So what do I recommend?
* Get a solid platform-independent password manager with a good track record, like Bitwarden.
* Get two hardware FIDO2 keys for securing your most valuable accounts, such as your Microsoft, Google, Apple account, and of course, your password manager account.
* Use TOTP or Passkeys with your password manager as the keeper of secrets, depending on availability.
In theory, you are a little bit less secure if you do TOTP with a separate device, but in practice, a well-configured auto-fill function provided by a good password manager makes up for that, because it acts as a soft form of phishing protection. If you always get a convenient auto-fill button on the genuine website, but it’s missing on the phishing website, you have a reason to pause instead of falling for the trick.
Keep one FIDO2 hardware key and a note with your master password in a safe, and you can make sure your digital life can be handled by your loved ones in the event of your death.
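As an added illustration, not part of the original post, of why the reply calls passkeys unphishable while a TOTP code can be relayed: a stripped-down relying-party check for both. The TOTP part follows RFC 6238; the passkey part keeps only WebAuthn's origin and challenge checks and uses HMAC as a stand-in for the authenticator's real signature; the seed, device key, origins and challenge are all constructed values.

```python
import base64
import hashlib
import hmac
import json
import struct

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the 30-second counter, then dynamic truncation."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def rp_accepts_totp(secret: bytes, submitted: str, unix_time: int) -> bool:
    # The server only ever sees six digits: nothing in the code records which
    # website the user typed it into, so a code relayed from elsewhere verifies.
    return hmac.compare_digest(totp(secret, unix_time), submitted)

def passkey_assert(device_key: bytes, browser_origin: str, challenge: bytes) -> dict:
    """Authenticator side, simplified: the browser (not the user) fills in the origin
    it is really on, and that origin is covered by the signature (HMAC stands in here)."""
    client_data = json.dumps({
        "type": "webauthn.get",
        "challenge": base64.urlsafe_b64encode(challenge).decode().rstrip("="),
        "origin": browser_origin,
    }, sort_keys=True).encode()
    sig = hmac.new(device_key, client_data, hashlib.sha256).digest()
    return {"clientDataJSON": client_data, "signature": sig}

def rp_verify_passkey(device_key: bytes, expected_origin: str, challenge: bytes, assertion: dict) -> bool:
    """Relying-party checks: origin and challenge must match before the signature counts."""
    data = json.loads(assertion["clientDataJSON"])
    if data.get("type") != "webauthn.get" or data.get("origin") != expected_origin:
        return False
    if data.get("challenge") != base64.urlsafe_b64encode(challenge).decode().rstrip("="):
        return False
    expected = hmac.new(device_key, assertion["clientDataJSON"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, assertion["signature"])

if __name__ == "__main__":
    SECRET = b"12345678901234567890"          # constructed TOTP seed (the RFC 6238 test seed)
    REAL, FAKE = "https://accounts.example.com", "https://accounts.example-phish.test"
    chal = b"\x01" * 32                       # constructed server challenge
    code = totp(SECRET, 59)                   # what the user reads off the phone
    print("TOTP code relayed from a look-alike site still verifies:", rp_accepts_totp(SECRET, code, 59))
    print("Passkey assertion made on the genuine origin:", rp_verify_passkey(b"k", REAL, chal, passkey_assert(b"k", REAL, chal)))
    print("Same passkey, browser sitting on a look-alike origin:", rp_verify_passkey(b"k", REAL, chal, passkey_assert(b"k", FAKE, chal)))
```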