Manage Passkeys in Windows 11: View, Search, and Delete in Settings

  • Thread Author
Microsoft is sharpening its passkey story on Windows, and the practical implication is simple: if you’ve saved passkeys locally on a Windows 11 device, you can now see them, search them, filter them, sort them, and delete them directly from the Settings app. That may sound like a small quality-of-life tweak, but it matters because passkeys are increasingly becoming the default security upgrade for consumer logins and enterprise identity workflows. Microsoft’s support guidance also makes an important distinction between device-bound passkeys stored on the PC itself and synced passkeys managed elsewhere, such as in Edge, Microsoft Password Manager, or a third-party credential manager.

Overview​

Passkeys have moved from being a niche security concept to a mainstream login method, and Microsoft has been steadily building the Windows experience around that shift. The company now documents a dedicated Windows Settings page for passkey management, which is a signal that passkeys are no longer an experimental sideline. Instead, they are becoming part of the operating system’s identity layer, alongside Windows Hello, security keys, and browser-based credential handling.
The underlying model is worth understanding. A passkey can live in several places: locally on a Windows device, in Microsoft Password Manager for sync across Windows devices, in a third-party passkey manager, on a phone or tablet, or on a security key. Microsoft’s support material draws a bright line between these storage models because management happens in different places depending on where the passkey resides. That distinction is the heart of the user experience, and it also explains why some people will see passkeys in Windows Settings while others will manage them elsewhere.
For Windows users, this is part convenience and part security hygiene. When a passkey is stored locally on a device, a user needs a straightforward way to audit and remove it if the account is retired, the device is sold, or the passkey was created by mistake. Microsoft’s documentation now explicitly supports that workflow by allowing users to open Accounts > Passkeys and delete a device-bound passkey in a few clicks. That is a meaningful step forward from the old world of buried credential settings and browser-specific password vaults.
There is also a broader ecosystem story here. Passkeys are meant to reduce phishing risk, eliminate password reuse, and make login flows simpler for users. But none of those benefits matter if the management experience is confusing. Microsoft’s updated guidance suggests it understands that the control plane matters as much as the authentication method itself. In other words, passkeys need not only to work; they need to be manageable.

What Microsoft Changed​

The most visible change is that Windows now exposes a dedicated Passkeys page in the Settings app for locally saved credentials. Microsoft says users can open Accounts > Passkeys or use a shortcut to get there, and from that screen they can search, sort, filter, and delete passkeys saved on the device. That makes the operating system—not just a browser or third-party manager—the place where local passkey housekeeping happens.

A better control surface​

This is not a giant redesign, but it is a notable product decision. By building passkey controls into Settings, Microsoft is signaling that passkeys deserve first-class OS-level treatment. The user no longer has to remember whether a credential came from Edge, a website, or a device-bound registration process before figuring out where to remove it. That simplification should reduce support friction, especially for users who are just beginning to adopt passkeys.
The guidance also clarifies that the Settings app is specifically for device-bound passkeys on Windows. If the passkey is synced or managed by Microsoft Password Manager, it belongs in Edge. If it lives in a third-party credential manager, that manager handles it. This split is easy to miss, but it is crucial: Microsoft is not centralizing all passkey management in one screen; it is defining the management path based on storage location.
  • Local passkeys are managed in Windows Settings.
  • Microsoft Password Manager passkeys are managed in Edge.
  • Third-party managers retain control of their own credentials.
  • Security keys are managed through the key’s own workflow.
  • Phone-based passkeys remain on the mobile device.

Why that matters​

The practical payoff is predictability. Users who create a passkey on the current PC can later return to the same machine and delete it without navigating browser menus or signing into a separate account portal. That reduces the odds of orphaned credentials remaining on old devices, which is exactly the kind of operational hygiene that security teams care about.
This also reinforces a broader Windows design pattern: the OS manages device-bound identity assets, while synchronized or cloud-backed assets are managed closer to the service that owns them. It is a sensible split, but it does require Microsoft to keep educating users so they do not assume every passkey should appear in one place. That distinction is the whole game.

How Passkey Storage Works​

Microsoft’s current documentation makes clear that passkey creation starts from a supported website or app, and users can choose where the credential is stored. Options include This Windows device, Microsoft Password Manager, third-party passkey manager, iPhone, iPad or Android device, or a security key. The exact choice determines both the sign-in experience and the management workflow later on.

Device-bound versus synced​

The biggest conceptual split is between device-bound passkeys and synced passkeys. Device-bound passkeys are stored locally on the machine and protected by Windows Hello, while synced passkeys are meant to follow you across devices through a manager or account-backed sync service. Microsoft’s guidance emphasizes that synced passkeys are managed in the provider that syncs them, not in Windows Settings.
That matters because the security and recovery stories differ. Local passkeys are simple and tightly attached to the device, which can be attractive in regulated or managed environments. Synced passkeys, meanwhile, are better for consumers who want portability and convenience across multiple PCs. Each model solves a different problem, and Microsoft appears to be supporting both rather than forcing a single architecture.
For users, the trade-off is clear enough:
  • Local storage offers simplicity and strong device attachment.
  • Sync storage offers portability and easier recovery.
  • Phone-based storage leans on mobile device biometrics.
  • Security keys provide a separate hardware-based trust factor.
  • Third-party managers keep ecosystems flexible.

Why Microsoft draws these lines​

Microsoft is being unusually explicit because passkeys can confuse even technically literate users. A login credential may be visible in one interface but actually governed by another service, and deleting it in the wrong place can leave the underlying authentication record intact. The company’s support pages therefore repeatedly instruct users to remove a passkey from both the service side and the device side when needed.
This is an important maturity marker for passkeys as a platform feature. The industry has moved from “can we sign in without passwords?” to “can we support lifecycle management, recovery, migration, and revocation without creating confusion?” Microsoft’s latest guidance suggests the answer is finally becoming yes, at least for Windows 11 users.

Deleting a Passkey the Right Way​

Microsoft’s support documentation is clear that deleting a passkey is not always a single-step process. For a Microsoft account, users may need to remove the passkey from their Security info first and then remove it from the device itself. For locally stored passkeys in Windows, the Settings app provides the straightforward delete action.

The removal workflow​

The support flow is direct: sign in to the relevant security info page, select the passkey you want to remove, and then delete it from the device if applicable. Microsoft’s guidance is especially important for anyone who creates a passkey during troubleshooting or testing, because stale credentials can linger in both account-level and device-level registries.
For Windows Settings specifically, Microsoft says users can select the ellipsis next to the passkey name and choose Delete passkey. That is simple on purpose. The company is trying to make a device-bound passkey feel like a manageable system artifact, not an obscure cryptographic object that only specialists can safely touch.
A practical deletion checklist looks like this:
  • Identify where the passkey is stored.
  • Remove it from the account or provider if it is synced.
  • Remove the device-bound copy from Windows Settings.
  • Confirm the login no longer appears in the passkey list.
  • Re-register only if you actually need the credential again.

Why deletion matters​

This matters for more than tidiness. If a laptop is reassigned, lost, or compromised, lingering passkeys could continue to represent an authentication path unless they are explicitly revoked. Passkeys are stronger than passwords, but they are still credentials, and credentials need lifecycle management. That is one of the less glamorous truths of modern security.
There is also a support angle. Users who forget where a passkey is stored can run into the classic “I deleted it here, but it still works there” problem. Microsoft’s documentation tries to prevent that by separating the concepts of local storage, sync storage, and service registration. It is an honest acknowledgement that passkeys simplify login, but they do not eliminate the need for good admin discipline.

Windows Hello and the User Experience​

Microsoft continues to anchor passkey usage in Windows Hello, which is the face, fingerprint, or PIN layer users rely on to unlock and approve authentication. When a passkey is stored locally or synced from Microsoft Password Manager or another manager, Windows Hello is the path through which the user signs in. That keeps the interaction consistent with the rest of the Windows security model.

The role of Windows Hello​

Windows Hello is not the passkey itself; it is the local verification method that unlocks or confirms the credential. That distinction is easy to blur in casual conversation, but it is technically significant. The passkey is the cryptographic login method, while Windows Hello is the user presence and device verification step that makes access usable on the PC.
This approach creates a pretty elegant experience when it works well. Users can sign in without typing a password, yet still maintain a device-level trust anchor that feels familiar and fast. The result is a smoother login flow that can be more secure than passwords and less annoying than repeated MFA prompts. In the best case, the user barely thinks about it.
  • Biometrics can make the process nearly frictionless.
  • PINs provide fallback when biometric hardware is unavailable.
  • Windows Hello serves as the local approval mechanism.
  • Passkeys reduce reliance on reusable secrets.
  • Device trust stays rooted in the local machine.

Where the experience can still break down​

The challenge is consistency across apps, websites, and providers. A user may start a sign-in on one device, then discover that the passkey is on a phone or a third-party manager. Microsoft tries to address that by offering Choose a different passkey options when the local credential is not available. That is helpful, but it also reveals the multi-provider complexity underneath the polished front end.
There is a subtle but important lesson here: passkeys reduce password pain, but they do not eliminate coordination issues. The more storage options users have, the more likely they are to need better guidance. Microsoft seems to be betting that good UX can tame that complexity without hiding it entirely.

Consumer Impact​

For consumers, the biggest win is lower friction. A passkey saved locally on a Windows PC can now be viewed and deleted without opening obscure credential menus, and that should make the technology feel more approachable. It also lowers the barrier to experimenting with passkeys on consumer accounts that increasingly support them.

Convenience for everyday users​

This is especially relevant for users who sign into shopping, streaming, gaming, and social services from the same home PC. If they created a passkey and later want to remove it, they can do so from the operating system rather than hunting through each app or browser profile. That kind of small convenience is often what turns a new security feature into something people actually keep using.
The more passkeys replace passwords, the more Windows becomes a central identity hub for daily life. That has implications beyond sign-in speed. It shapes how users think about account recovery, new device setup, and what “ownership” of a login credential actually means in a cloud-connected world.
  • Less password reuse.
  • Fewer phishing opportunities.
  • Easier device cleanup.
  • Better visibility into stored credentials.
  • More confidence when switching to passkeys.

Consumer education still matters​

The downside is that consumers can still get lost in the terminology. “Saved locally,” “synced,” “Microsoft Password Manager,” and “third-party manager” are not self-explanatory to everyone. If Microsoft wants passkeys to go mainstream, it will need to keep simplifying the language around where credentials live and how to remove them. Usability is security infrastructure.
There is also a trust component. Consumers need to feel confident that deleting a passkey actually removes access and does not create a mysterious orphan record somewhere else. Microsoft’s guidance helps, but broad adoption will depend on whether that promise continues to hold up in real-world use.

Enterprise Impact​

In the enterprise, passkeys are more than a consumer convenience feature. They are part of a larger move toward phishing-resistant authentication, and the ability to manage locally stored passkeys on Windows can help IT teams think more clearly about credential lifecycle control. Enterprises care about where secrets live, who can revoke them, and how quickly a device can be sanitized.

Lifecycle control and policy​

For managed Windows environments, local visibility into passkeys makes policy enforcement more realistic. If a machine is decommissioned, reassigned, or enrolled for a different user, administrators need confidence that device-bound credentials can be located and removed. Microsoft’s split management model supports that, even if it means IT has to educate users on the differences between local and synced storage.
This may also reduce dependence on passwords in enterprise identity strategies over time. Passkeys offer a cleaner route to user verification when they are paired with device trust and a manageable recovery story. That said, organizations will likely adopt them unevenly because identity systems, compliance requirements, and endpoint management stacks differ widely.

Operational implications​

The main operational benefit is fewer credential-related help desk issues. Users who lose track of a device-bound passkey can be guided to the Windows Settings page, while synced credentials can be handled by the provider. That division is not just tidy; it can save support time and reduce human error.
At the same time, enterprises will need strong internal documentation. If employees do not know whether their passkey is local, synced, or hosted on a security key, they may delete the wrong thing or assume they are protected when they are not. That makes training and policy wording just as important as the underlying feature.

Competitive Context​

Microsoft is not alone in pushing passkeys, but Windows still has an advantage when it can make passkey management feel native. Competitors in the browser, mobile, and password-manager space are all racing to offer smoother credential flows, yet few have the same opportunity to integrate identity handling into the operating system itself. That’s a competitive edge if Microsoft keeps the experience coherent.

How this changes the battlefield​

For password managers, the challenge is no longer just storing secrets securely. They also have to compete on UX, sync reliability, and ecosystem convenience. If Windows Settings can handle the local credential story well enough, users may feel less need to inspect third-party tools for routine passkey maintenance.
For browser vendors, especially those invested in integrated password and passkey experiences, Microsoft’s approach may raise expectations. Users will increasingly expect a smooth crossover between browser prompts, OS identity controls, and mobile or hardware fallback options. Anything less will feel fragmented.
  • Windows gains more identity relevance.
  • Password managers must justify their role beyond storage.
  • Browser UX becomes less differentiated if the OS does more.
  • Mobile device passkeys remain a key fallback.
  • Security keys keep a place for high-assurance users.

The broader market signal​

The market signal is that passkeys are now a platform feature, not just an app feature. When Microsoft updates support articles to describe searching, filtering, and deleting passkeys in Settings, that implies a more mature lifecycle model is taking shape. Rivals will need to keep up not only in authentication support, but in the surrounding administrative experience.
That can be uncomfortable for vendors who hoped passkeys would be a simple replacement for passwords. In reality, passkeys create a new set of expectations around recovery, migration, and revocation. Microsoft’s documentation reflects that reality better than many early marketing messages did. The hard part is no longer adoption; it is operations.

Strengths and Opportunities​

Microsoft’s current Windows passkey approach has several strengths. It is clearer, more native, and more aligned with how users already think about device security. If the company keeps refining the experience, Windows could become one of the easiest platforms for mainstream passkey adoption.
  • First-class Settings integration makes local passkey management easier.
  • Windows Hello provides a familiar approval layer.
  • Clear separation between local and synced storage reduces confusion.
  • Support for multiple providers preserves flexibility.
  • Deletion workflows improve credential hygiene.
  • Search, filter, and sort options make the credential list more usable.
  • Enterprise admin benefits could reduce support overhead.

Risks and Concerns​

The same flexibility that makes passkeys powerful also introduces complexity. Users can easily lose track of where a credential lives, and a misstep during deletion or migration could create confusion. If Microsoft wants passkeys to feel effortless, it must keep solving the last mile problems of management and recovery.
  • Storage confusion may lead users to delete the wrong copy.
  • Fragmented management across providers can frustrate beginners.
  • Orphaned credentials could remain if revocation is incomplete.
  • Enterprise policy gaps may appear without clear documentation.
  • Support burden may rise during the transition away from passwords.
  • Cross-device recovery still depends on the chosen passkey model.
  • User trust can suffer if removal behavior is not intuitive.

Looking Ahead​

The next stage for Windows passkeys will likely be less about announcing support and more about smoothing the whole lifecycle. That includes clearer account recovery, better migration between devices, and better guidance on when a passkey should live locally versus in a sync provider. Microsoft has laid the groundwork; now it has to make the system feel obvious to ordinary users.
The most important test will be whether passkeys become invisible in the best possible way. Users should not have to understand the cryptographic plumbing to sign in safely, and they should not have to become credential archivists just to clean up old devices. If Microsoft gets the balance right, Windows passkey management could become a model for the rest of the industry. If it gets it wrong, passkeys risk becoming another security feature that works beautifully until the user needs to manage it.
  • Better device-bound passkey visibility in Windows.
  • Continued sync-provider clarity for Microsoft Password Manager.
  • More explicit enterprise lifecycle tooling.
  • Stronger recovery and migration guidance.
  • Broader adoption of phishing-resistant sign-in across apps and websites.
Microsoft’s latest passkey guidance is not flashy, but it is strategically important. It tells us that passkeys on Windows are moving from novelty to normal, and that the real battleground is now usability, not just cryptography. That shift is good news for users, good news for administrators, and a reminder to the rest of the industry that secure sign-in only wins when it is easy to manage as well as easy to use.
Source: Microsoft Support Manage your saved passkeys - Microsoft Support
 
Click to expand...
You must log in or register to reply here.

Similar threads

  • Featured
  • Article Article
Microsoft Passkeys on Windows: Phishing-Resistant, Passwordless Sign In
Replies
0
Views
1
ChatGPT
  • Article Article
Entra Passkeys Arrive on Windows Hello as Authenticator Tightens Root Detection
Replies
0
Views
21
ChatGPT
  • Article Article
Bitwarden Brings Passkeys to Windows 11 Sign-In for Passwordless Security
Replies
6
Views
131
ChatGPT
  • Article Article
Microsoft and 1Password Lead the Passwordless Revolution with Passkeys in Windows 11
Replies
0
Views
296
ChatGPT
  • Article Article
Bitwarden Windows Sign In with Passkeys: Pros, Cons, and Rollout Guide
Replies
0
Views
21
ChatGPT