From Newsgroup: alt.comp.os.windows-11

"Microsoft account
Security info was added
The following security info was recently added to the Microsoft account br*w@gci.net:
Passkey

If this was you, then you can safely ignore this email.
If this wasn't you, a malicious user has access to your account. Please
review your recent activity and we'll help you secure your account.
Review recent activity

To opt out or change where you receive security notifications, click here. Thanks,
The Microsoft account team

Privacy Statement
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052"

I received the above message today. How could a passkey be added to this account? As far as I know I do not use passkeys. If I had one I assume it would be stored in the TPM or something. So is this even possible for somebody to do with out access to the computer? I think this is a phlish
but in looking at the properties and the full message text I did see
anything that showed me it came from Russia or some place. I do not want to click on "Review recent activity".

Anyway I can track this down?
--
<Bill>

Brought to you from Anchorage, Alaska


--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Bill Bradshaw wrote:

"Microsoft account
Security info was added
The following security info was recently added to the Microsoft
account br*w@gci.net:
Passkey

If this was you, then you can safely ignore this email.
If this wasn't you, a malicious user has access to your account.
Please review your recent activity and we'll help you secure your
account. Review recent activity

To opt out or change where you receive security notifications, click
here. Thanks,
The Microsoft account team

Privacy Statement
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052"

I received the above message today. How could a passkey be added to
this account? As far as I know I do not use passkeys. If I had one
I assume it would be stored in the TPM or something. So is this even possible for somebody to do with out access to the computer? I think
this is a phlish but in looking at the properties and the full
message text I did see anything that showed me it came from Russia or
some place. I do not want to click on "Review recent activity".

Anyway I can track this down?

Forget this. I went into my account directly through Microsoft. My account is setup through Hotmail but the account that is referenced is where I have the login code emailed to. So I have no account with Microsoft through the referenced email br*w@gci.net. And of course by looking at the properties
of my posted emails you can get bradshaw@gci.net.
--
<Bill>

Brought to you from Anchorage, Alaska


--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

On Tue, 2/24/2026 3:36 PM, Bill Bradshaw wrote:

Bill Bradshaw wrote:

"Microsoft account
Security info was added
The following security info was recently added to the Microsoft
account br*w@gci.net:
Passkey

If this was you, then you can safely ignore this email.
If this wasn't you, a malicious user has access to your account.
Please review your recent activity and we'll help you secure your
account. Review recent activity

To opt out or change where you receive security notifications, click
here. Thanks,
The Microsoft account team

Privacy Statement
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052"

I received the above message today. How could a passkey be added to
this account? As far as I know I do not use passkeys. If I had one
I assume it would be stored in the TPM or something. So is this even
possible for somebody to do with out access to the computer? I think
this is a phlish but in looking at the properties and the full
message text I did see anything that showed me it came from Russia or
some place. I do not want to click on "Review recent activity".

Anyway I can track this down?

Forget this. I went into my account directly through Microsoft. My account is setup through Hotmail but the account that is referenced is where I have the login code emailed to. So I have no account with Microsoft through the referenced email br*w@gci.net. And of course by looking at the properties of my posted emails you can get bradshaw@gci.net.

The details of the content can be legit or can be a phish.

I guess in your case this was a phish.

Going directly to the site at Microsoft, and looking for the
recent activity, would tell you whether or not access had
actually happened. Suggesting a passkey (FIDO key) had been
added is pretty cheeky, while hacking your account and
changing the phone number is more realistic if changing the
details. They could change items one at a time, over
a period of time.

The MSA has a different password than the email account uses.
Both passwords should be the long and strong type, so that
brute force or dictionary searches don't work against it.
The password could contain upper/lower case, numbers, punctuation.

By putting your email in USENET posts, I suppose someone
would try this. That could be why you were phished. Too bad
you don't use that account for any Windows MSA purpose... :-)

Paul
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

On 2/24/2026 1:36 PM, Bill Bradshaw wrote:

Bill Bradshaw wrote:

"Microsoft account
Security info was added
The following security info was recently added to the Microsoft
account br*w@gci.net:
Passkey

If this was you, then you can safely ignore this email.
If this wasn't you, a malicious user has access to your account.
Please review your recent activity and we'll help you secure your
account. Review recent activity

To opt out or change where you receive security notifications, click
here. Thanks,
The Microsoft account team

Privacy Statement
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052"

I received the above message today. How could a passkey be added to
this account? As far as I know I do not use passkeys. If I had one
I assume it would be stored in the TPM or something. So is this even
possible for somebody to do with out access to the computer? I think
this is a phlish but in looking at the properties and the full
message text I did see anything that showed me it came from Russia or
some place. I do not want to click on "Review recent activity".

Anyway I can track this down?

Forget this. I went into my account directly through Microsoft. My account is setup through Hotmail but the account that is referenced is where I have the login code emailed to. So I have no account with Microsoft through the referenced email br*w@gci.net. And of course by looking at the properties
of my posted emails you can get bradshaw@gci.net.

Based on this info...you have a Hotmail account(which is a MSA/Microsoft Account). The Hotmail account appears to be configured with a
Passkey(either for online access or use of the Hotmail account in Windows(Windows logon or Windows o/s Microsoft app logon).

The notice regarding the passkey, as you mentioned is for the Hotmail
account with the Hotmail account's security settings configured to send notification to your gci.net account.

You can always visit the Hotmail accounts security settings to verify.
- Log in at account.microsoft.com, go to Security > Manage how I sign in.
=> when one adds a method to sign in the options are
Passkey(Fingerprint, Face, Pin, Security Key), or an App or Email a code.
--
...w-i|#-o-#-n|#
--- Synchronet 3.21b-Linux NewsLink 1.2