Raw Record Source

{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreidbnse5dh6xh5wfyf3jt7jungm7ff7py2vkydvtas4lgbeaxhdm44",
    "uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mlo2izx3loa2"
  },
  "path": "/t/totp-apps-vs-windows-hello-passkeys-for-2fa/37842#post_3",
  "publishedAt": "2026-05-12T14:15:34.000Z",
  "site": "https://discuss.privacyguides.net",
  "textContent": "Sorry, your question is a little bit hard to understand?\n\nDo you ask, if TOTP with the App on your phone or using Passkeys with Microsoft’s passkey storage is more secure?\n\nTo me, “Windows Hello“ is a method to authenticate yourself on Windows and it doesn’t have anything to do with 2FA. Assuming I understood the question correctly, the answer is: It depends.\n\nI personally wouldn’t trust Microsoft with anything security-related, and especially not to be the keeper of my passwords or Passkeys, but that is actually besides the point.\n\nPasskeys are more secure because, they can not be phished; however, if your PC is compromised, they can be stolen.\n\nHaving to control two devices for authentication reduces risk, but you are using less hardened technology with TOTP.\n\nSo what do I recommend?\n\n  * Get a solid platform-independent password manager with a good track record, like Bitwarden.\n  * Get two hardware FIDO2 keys for securing your most valuable accounts, such as your Microsoft, Google, Apple account, and of course, your password manager account.\n  * Use TOTP or Passkeys with your password manager as the keeper of secrets, depending on availability.\n\n\n\nIn theory, you are a little bit less secure if you do TOTP with a separate device, but in practice, a well-configured auto-fill function provided by a good password manager makes up for that, because it act as a soft form of phishing protection. If you always get a convenient auto-fill button on the genuine website, but it’s missing on the phishing website, you have a reason to pause instead of falling for the trick.\n\nKeep one FIDO2 hardware key and a note with your master password in a safe and you can make sure your digital life can be handled by your loved ones in the event of your death.",
  "title": "TOTP Apps vs Windows Hello Passkeys for 2FA"
}