diff --git a/docs/_sidebar.md b/docs/_sidebar.md
index fcac50ca..34b94dda 100644
--- a/docs/_sidebar.md
+++ b/docs/_sidebar.md
@@ -18,6 +18,10 @@
- [TechPass account](reset-techpass-mfa-for-new-device)
- **Manage password**
- [Reset your TechPass password](reset-password)
+- **Setup Passwordless**
+ - [Setup passwordless](transition-passwordless)
+ - [Verify passwordless setup](verify-passwordless)
+ - [Passwordless FAQ](faq-passwordless)
- **TechPass support resources**
- [TechPass status](/support/techpass-status.md)
- [Raise a service request](raise-a-service-request)
diff --git a/docs/assets/images/access-sgts-services-using-techpass/log-in-passwordless-1.png b/docs/assets/images/access-sgts-services-using-techpass/log-in-passwordless-1.png
new file mode 100644
index 00000000..c0e1be95
Binary files /dev/null and b/docs/assets/images/access-sgts-services-using-techpass/log-in-passwordless-1.png differ
diff --git a/docs/assets/support/authenticator_settings_1_android.png b/docs/assets/support/authenticator_settings_1_android.png
new file mode 100644
index 00000000..89ae4b64
Binary files /dev/null and b/docs/assets/support/authenticator_settings_1_android.png differ
diff --git a/docs/assets/support/authenticator_settings_1_ios.png b/docs/assets/support/authenticator_settings_1_ios.png
new file mode 100644
index 00000000..6815f4d9
Binary files /dev/null and b/docs/assets/support/authenticator_settings_1_ios.png differ
diff --git a/docs/assets/support/passwordless_setup_2_android.png b/docs/assets/support/passwordless_setup_2_android.png
new file mode 100644
index 00000000..0196d4fa
Binary files /dev/null and b/docs/assets/support/passwordless_setup_2_android.png differ
diff --git a/docs/assets/support/passwordless_setup_3.png b/docs/assets/support/passwordless_setup_3.png
new file mode 100644
index 00000000..ef863742
Binary files /dev/null and b/docs/assets/support/passwordless_setup_3.png differ
diff --git a/docs/assets/support/passwordless_setup_4.png b/docs/assets/support/passwordless_setup_4.png
new file mode 100644
index 00000000..179c0fa7
Binary files /dev/null and b/docs/assets/support/passwordless_setup_4.png differ
diff --git a/docs/assets/support/passwordless_setup_5.png b/docs/assets/support/passwordless_setup_5.png
new file mode 100644
index 00000000..7266c34d
Binary files /dev/null and b/docs/assets/support/passwordless_setup_5.png differ
diff --git a/docs/assets/support/passwordless_setup_6.png b/docs/assets/support/passwordless_setup_6.png
new file mode 100644
index 00000000..3721bca2
Binary files /dev/null and b/docs/assets/support/passwordless_setup_6.png differ
diff --git a/docs/assets/support/passwordless_setup_7.png b/docs/assets/support/passwordless_setup_7.png
new file mode 100644
index 00000000..abdd4329
Binary files /dev/null and b/docs/assets/support/passwordless_setup_7.png differ
diff --git a/docs/assets/support/passwordless_setup_8.png b/docs/assets/support/passwordless_setup_8.png
new file mode 100644
index 00000000..c2eb5e8f
Binary files /dev/null and b/docs/assets/support/passwordless_setup_8.png differ
diff --git a/docs/assets/support/passwordless_transition_1.png b/docs/assets/support/passwordless_transition_1.png
new file mode 100644
index 00000000..7ad96315
Binary files /dev/null and b/docs/assets/support/passwordless_transition_1.png differ
diff --git a/docs/assets/support/passwordless_transition_2.png b/docs/assets/support/passwordless_transition_2.png
new file mode 100644
index 00000000..adb65936
Binary files /dev/null and b/docs/assets/support/passwordless_transition_2.png differ
diff --git a/docs/assets/support/passwordless_transition_3.png b/docs/assets/support/passwordless_transition_3.png
new file mode 100644
index 00000000..86056961
Binary files /dev/null and b/docs/assets/support/passwordless_transition_3.png differ
diff --git a/docs/assets/support/passwordless_transition_4.png b/docs/assets/support/passwordless_transition_4.png
new file mode 100644
index 00000000..df06d2ab
Binary files /dev/null and b/docs/assets/support/passwordless_transition_4.png differ
diff --git a/docs/assets/support/passwordless_transition_5.png b/docs/assets/support/passwordless_transition_5.png
new file mode 100644
index 00000000..1cda7325
Binary files /dev/null and b/docs/assets/support/passwordless_transition_5.png differ
diff --git a/docs/assets/support/passwordless_transition_6.png b/docs/assets/support/passwordless_transition_6.png
new file mode 100644
index 00000000..2ffe521b
Binary files /dev/null and b/docs/assets/support/passwordless_transition_6.png differ
diff --git a/docs/assets/support/passwordless_transition_7.png b/docs/assets/support/passwordless_transition_7.png
new file mode 100644
index 00000000..2833bc64
Binary files /dev/null and b/docs/assets/support/passwordless_transition_7.png differ
diff --git a/docs/assets/support/passwordless_transition_8.png b/docs/assets/support/passwordless_transition_8.png
new file mode 100644
index 00000000..1b28e49b
Binary files /dev/null and b/docs/assets/support/passwordless_transition_8.png differ
diff --git a/docs/assets/support/passwordless_verify_1.png b/docs/assets/support/passwordless_verify_1.png
new file mode 100644
index 00000000..83e4d360
Binary files /dev/null and b/docs/assets/support/passwordless_verify_1.png differ
diff --git a/docs/faq-passwordless.md b/docs/faq-passwordless.md
new file mode 100644
index 00000000..863bfee3
--- /dev/null
+++ b/docs/faq-passwordless.md
@@ -0,0 +1,73 @@
+# Passwordless FAQ
+
+This article provides additional information about passwordless sign-in.
+
+## Audience
+
+Users with `@techpass.gov.sg` accounts.
+
+## Who is affected?
+
+- **Included**: All users with **@techpass.gov.sg** accounts.
+- **Excluded**:
+ - Users with **WoG/MOE identities**.
+ - Project product identities used for **synthetic monitoring**.
+ - **Test** and **training** product identities.
+
+## What do the affected users need to do?
+
+**Existing `@techpass.gov.sg` users** that have setup multifactor authentication (MFA), follow the steps in [Setup Passwordless](transition-passwordless.md).
+
+**New `@techpass.gov.sg` users** onboarding to TechPass, follow the steps in [Get invited and onboard to TechPass](get-invited-and-onboard-to-techpass.md). The steps have been updated to include passwordless sign-in setup.
+
+## How does passwordless sign-in look like?
+
+With passwordless sign-in, after you enter or select your `@techpass.gov.sg` account, you will not be prompted for a password. Instead, the Microsoft Authenticator app on your mobile phone will receive a sign-in notification for you to approve the sign-in. You may also refer to [log in to TechPass using passwordless](log-in-with-techpass#authentication-for-techpassgovsg-account-using-passwordless-sign-in).
+
+## How do I verify that I have set up passwordless sign-in properly?
+
+To verify, follow the steps in [Verify passwordless setup](verify-passwordless).
+
+## I have set up passwordless sign-in, but I am still being prompted for a password
+
+If you have set up passwordless sign-in but the sign-in flow still prompts for a password, you may click on the **Use app instead**.
+
+
+
+It may take a few minutes for the "Use app instead" option to be available if passwordless sign-in was recently set up.
+
+If it still does not prompt for passwordless sign-in and the "Use app instead" option is not available after an hour:
+1. Verify that the passwordless sign-in setup is registered by following the steps in [Verify passwordless setup](verify-passwordless)
+2. Raise a [ticket](https://go.gov.sg/seed-techpass-support) with us.
+
+## I have accounts in other TechPass environments (@stg.techpass.gov.sg, @dev.techpass.gov.sg). Will this affect me?
+
+Yes. Passwordless will be applied to all TechPass environments.
+
+## I am using Microsoft Authenticator with number matching push notification. Do I need to do anything?
+
+Great! You are only one step away from using passwordless. You may follow the step in [Enable Passwordless sign-in in mobile app](transition-passwordless#step-4-enable-passwordless-sign-in-in-mobile-app). This step only requires you to enable passwordless sign-in in your mobile app.
+
+## I am using OATH software tokens like Authy and Google Authenticator apps. Can I continue using them?
+
+No, you need to use the **Microsoft Authenticator** app. Passwordless is configured only using Microsoft Authenticator. Follow the steps in [Setup Passwordless](transition-passwordless) to transition to Microsoft Authenticator.
+
+Authy and Google Authenticator **will not** be supported in the future. Raise a [ticket](https://go.gov.sg/seed-techpass-support) with us if there are special circumstances where you cannot bring your mobile device into your work premises.
+
+## When do I need to transition from Authy or Google Authenticator apps to use Microsoft Authenticator passwordless sign-in?
+
+There is no deadline determined yet for the use of Software OATH tokens like Authy and Google Authenticator apps. However, they will not be supported in the future. We strongly recommend that you start using the **Microsoft Authenticator** app with passwordless sign-in.
+
+## What are the supported authenticators?
+
+Only the **Microsoft Authenticator** app is supported for passwordless sign-in. Other authenticators and passkeys are not supported. Raise a [ticket](https://go.gov.sg/seed-techpass-support) with us if there are special circumstances where you cannot bring your mobile device into your work premises.
+
+## If you change, lose, or damage your phone
+
+If you change to a new phone and still have access to the old phone with Microsoft Authenticator:
+1. Install Microsoft Authenticator on your new phone.
+2. Follow the steps in [Setup Passwordless](transition-passwordless) to set up passwordless sign-in on your new phone.
+3. After you have verified that you can use passwordless sign-in using the new phone, you can remove the Microsoft Authenticator linked to your old phone by following the steps in [Delete an unused sign-in method](transition-passwordless#step-8-optional-delete-an-unused-sign-in-method).
+
+If you do not have access to your Microsoft Authenticator in your old phone anymore, you can regain access using Temporary Access Pass (TAP). Follow the steps in .........
+
diff --git a/docs/get-invited-and-onboard-to-techpass.md b/docs/get-invited-and-onboard-to-techpass.md
index 01bbb1d0..52a33d6e 100644
--- a/docs/get-invited-and-onboard-to-techpass.md
+++ b/docs/get-invited-and-onboard-to-techpass.md
@@ -64,7 +64,7 @@ You need the following to get invited to TechPass and complete the onboarding:
> **If your request for TechPass provisioning is successful**:
>
>- A TechPass account is provisioned for you and is in pending state.
->- We'll send the TechPass onboarding email which will contain your username. Please note that you should use this username to log in, rather than your email address.
+>- You will receive an account created email from TechPass containing your username. Note that you should **use this username to log in, rather than your email address**.
>- Check your junk/spam folder if you do not see the email in your inbox.
>- **For users invited via TechPass Portal or DevConsole Portal:** You have set up your own password during registration.
>- **For users invited via TechBiz Portal:** We'll send the initial password by SMS to the registered mobile number.
@@ -99,12 +99,11 @@ You need the following to get invited to TechPass and complete the onboarding:
+## Step 4: Configure Multi-Factor Authentication (MFA) for TechPass account
+?> This section guides you to configure Microsoft Authenticator as your MFA. Microsoft Authenticator is required for the following reasons:
- It supports **Passwordless** sign ins.
- It supports **Number Matching** to protect you from MFA Fatigue attacks and increases the security of your account.
- Microsoft constantly improves its MFA security policies to protect its users.
-## Step 3: Configure Multi-Factor Authentication (MFA) for TechPass account
-
-?> This section guides you to configure Microsoft Authenticator as your MFA. We recommend Microsoft Authenticator for the following reasons:
- It supports **Number Matching** to protect you from MFA Fatigue attacks and increases the security of your account.
- Microsoft constantly improves its MFA security policies to protect its users.
-
+!> TechPass accounts will be secured using Passwordless sign ins via MS Authenticator. Authy and Google Authenticator **will not** be supported.
Raise a [ticket](https://go.gov.sg/seed-techpass-support) with us if there are special circumstances where you cannot bring your mobile device into your work premises.
1. Install Microsoft Authenticator on your mobile phone.
@@ -147,7 +146,7 @@ You need the following to get invited to TechPass and complete the onboarding:
-## Step 4: Reset your initial password
+## Step 5: Reset your initial password
?> **Note:** This step only applies if you were invited via the TechBiz Portal and received an initial password via SMS. If you set up your own password during registration (TechPass Portal or DevConsole Portal invitation), you can skip this step.
@@ -158,7 +157,7 @@ You need the following to get invited to TechPass and complete the onboarding:
-## Step 5: Accept the terms and conditions
+## Step 6: Accept the terms and conditions
1. Read the **Privacy Policy** and click **Accept**.
2. Read the **Terms of Use** and click **Accept**. You have successfully onboarded to TechPass.
@@ -166,7 +165,68 @@ You need the following to get invited to TechPass and complete the onboarding:
?>- Upon accepting the terms and conditions, you are successfully onboarded to TechPass.
- If you had requested for SEED to be provisioned, you may proceed to onboard your Internet Device to SEED.
- Before you onboard your Internet Device to SEED, see[Prerequisites for onboarding your device to SEED](https://docs.developer.tech.gov.sg/docs/security-suite-for-engineering-endpoint-devices/#/prerequisites-for-onboarding).
-### Next step
+
+## Step 7: Enable Passwordless sign-in in mobile app
+?> This section guides you to configure Passwordless sign-in using Microsoft Authenticator.
+
+>**Benefits of Passwordless Authentication**
+>
+>[Passwordless authentication](https://www.microsoft.com/en-sg/security/business/solutions/passwordless-authentication) offers several advantages over traditional password-based systems:
+>- Reduced attack surface: Eliminates risks from password theft, reuse, phishing, and brute-force attacks.
+>- Improved user experience: Users do not need to remember complex passwords or manage frequent resets. Authentication is faster and less error-prone.
+>- Stronger security posture: Modern passwordless methods use cryptographic keys, biometrics, and device-bound credentials, which are more secure than passwords.
+>- Simplified access: Users can securely access corporate resources from various devices, supporting organizational security policies.
+>
+>More information [about passwordless](https://learn.microsoft.com/en-us/entra/identity/authentication/howto-authentication-passwordless-phone).
+
+1. On the Microsoft Authenticator app on your mobile phone, select the **TECHPASS** account
+
+2. Select on **Set up Passwordless sign-in requests**
+
+ 
+
+3. Enter TechPass account password when prompted in the Microsoft Authenticator app and tap on **Sign in**.
+
+ 
+
+4. MFA will be prompted and your mobile phone will receive a push notification to approve the sign-in.
+
+ 
+
+5. **Open** the Authenticator notification and approve the sign-in by selecting **Yes**.
+
+ 
+
+6. Proceed with passwordless setup when displayed by selecting on **Continue**.
+
+ 
+
+7. The Authenticator app will prompt you for phone passcode or biometric. **Proceed** with the authentication.
+
+8. Account added page will be displayed when the passwordless setup is done. You may select **Done**.
+
+ 
+
+
+## Step 8: Enable Microsoft Authenticator App lock
+This step is to ensure that App Lock is enabled in the Microsoft Authenticator.
+
+1. On the Microsoft Authenticator app, access the **Settings**.
+
+ - For Android, open the menu via the three-dot icon and select Settings.
+
+ 
+
+ - For iOS, open the sidebar and select Settings.
+
+ 
+
+2. Enable the **App Lock** if not yet enabled.
+
+3. The app will prompt you for phone passcode or biometric. **Proceed** with the authentication.
+
+
+## Next step
- [Verify TechPass login](log-in-with-techpass#log-in-to-a-service-using-your-techpass-account)
diff --git a/docs/log-in-with-techpass.md b/docs/log-in-with-techpass.md
index 97ae09c0..2229200a 100644
--- a/docs/log-in-with-techpass.md
+++ b/docs/log-in-with-techpass.md
@@ -1,56 +1,79 @@
# Log in with TechPass
-This article tells you how to:
+This article tells you how to sign-in to a service using TechPass account.
- - [Log in to a service using your TechPass account](#log-in-to-a-service-using-your-techpass-account)
- - [Log in to TechPass Portal](#log-in-to-techpass-portal)
-
## Log in to a service using your TechPass account
-1. Go to the Portal or home page of the required service.
+1. Go to the Portal or home page of the required service. Some of the services using TechPass:
+ - [TechPass Portal](https://portal.techpass.gov.sg/) (accessible using non-SE GSIB, Comet or GMD)
+ - [Console (TechBiz, StackOps, SHIP-HATS)](https://console.developer.tech.gov.sg/) (accessible using non-SE GSIB, Comet or GMD)
+ - [Documentation Portal](https://docs.developer.tech.gov.sg/docs) (accessible using any device)
+ - [GCC CMP](https://cmp.gcc.gov.sg/) (accessible using non-SE GSIB, Comet or GMD)
+ - [SEED Dashboard](https://dashboard.seed.tech.gov.sg/) (accessible using non-SE GSIB, Comet or GMD)
+
2. Click **Login with TechPass**.
3. Choose the required TechPass account.
-4. If you have a WOG account and logging in via your GMD, complete the following steps:
+4. You may be asked to provide other authentication method:
+ - If you have a **WOG account** and logging in via your GMD, refer to [Authentication for WOG account via GMD](#authentication-for-wog-account-via-gmd)
+ - If you have a **@techpass account**, refer to
+ - [Using passwordless sign-in](#authentication-for-techpassgovsg-account-using-passwordless-sign-in)
+ - [Using password and authenticator push notification](#authentication-for-techpassgovsg-account-using-password-and-microsoft-authenticator-push-notification)
- a. Enter the verification code displayed for your SG Govt M365 profile on your Authenticator app.
+## Authentication for WOG account via GMD
- b. Click **Sign in**.
+?> If you have setup passwordless sign-in for your WOG account, proceed to step 3.
- c. Proceed to step 6.
+1. Enter the verification code displayed for your SG Govt M365 profile on your Authenticator app.
-5. If your TechPass log in ID's domain is ```techpass.gov.sg```, enter the password of your TechPass account and click **Sign in**. For example, if your TechPass ID is john_doe@techpass.gov.sg, you need to enter your TechPass password.
+2. Click **Sign in**.
- You are prompted to authenticate your sign-in. A number is shown on your browser.
+3. You are prompted to authenticate your sign-in. A number is shown on your browser.
-6. On the Authenticator app, enter the number shown on your browser.
+4. On the Authenticator app, enter the number shown on your browser.
-7. Select **Yes** or **Done** on the app.
+5. Select **Yes** or **Done** on the app.
You have successfully logged in to the service using your TechPass account.
-## Log in to TechPass Portal
+## Authentication for @techpass.gov.sg account using passwordless sign-in
-1. Using your non-SE GSIB or GMD device, go to the [TechPass Portal](http://portal.techpass.gov.sg/).
-2. Click **Login with TechPass**.
-3. Sign in to your TechPass account or choose the required TechPass account.
+?> If you have **@techpass.gov.sg** account and have not set up passwordless sign-in, refer to: [Enable passwordless sign-in](get-invited-and-onboard-to-techpass#step-7-enable-passwordless-sign-in-in-mobile-app)
- 
+1. If you have setup passwordless sign-in but the sign-in flow still prompts for password, you may click on the "Use app instead"
+
+ 
+
+ ?> If passwordless sign-in has just been recently setup, it may take a few minutes for the "Use app instead" option to be available.
-4. You are prompted to approve your sign-in. A number is shown on your browser.
+2. You are prompted to approve your sign-in. A number is shown on your browser.
- 
+ 
-5. On the Authenticator app, enter the number shown.
+3. On the Authenticator app, enter the number shown.
-6. Select **Yes** or **Done** on the app.
+4. Select **Yes** or **Done** on the app.
You have successfully logged in to the TechPass Portal.
+## Authentication for @techpass.gov.sg account using password and Microsoft Authenticator push notification
+
+1. Enter the password of your TechPass account and click **Sign in**. For example, if your TechPass ID is john_doe@techpass.gov.sg, you need to enter your TechPass password.
+
+2. You are prompted to authenticate your sign-in. A number is shown on your browser.
+
+ 
+
+3. On the Authenticator app, enter the number shown on your browser.
+
+4. Select **Yes** or **Done** on the app.
+
+ You have successfully logged in to the service using your TechPass account.
+
diff --git a/docs/transition-passwordless.md b/docs/transition-passwordless.md
new file mode 100644
index 00000000..6293046c
--- /dev/null
+++ b/docs/transition-passwordless.md
@@ -0,0 +1,164 @@
+# Setup Passwordless Sign-In
+
+This article guides you on how to setup passwordless sign-in if you have existing MFA.
+
+## Benefits of Passwordless Authentication
+
+[Passwordless authentication](https://www.microsoft.com/en-sg/security/business/solutions/passwordless-authentication) offers several advantages over traditional password-based systems:
+- Reduced attack surface: Eliminates risks from password theft, reuse, phishing, and brute-force attacks.
+- Improved user experience: Users do not need to remember complex passwords or manage frequent resets. Authentication is faster and less error-prone.
+- Stronger security posture: Modern passwordless methods use cryptographic keys, biometrics, and device-bound credentials, which are more secure than passwords.
+- Simplified access: Users can securely access corporate resources from various devices, supporting organizational security policies.
+
+More information [about passwordless](https://learn.microsoft.com/en-us/entra/identity/authentication/howto-authentication-passwordless-phone).
+
+## Audience
+
+Users who have `@techpass.gov.sg` account and have signed-in and setup MFA before.
+
+If you already have **Microsoft Authenticator app and use app notification with number matching** for your MFA, proceed to [Step 4](#step-4-enable-passwordless-sign-in-in-mobile-app).
+
+If you are using **other software token authenticators** like Authy or Google Authenticator, continue with [Step 1](#step-1-open-my-account-in-techpass-portal) to transition to use Microsoft Authenticator for passwordless sign-in.
+
+?> Azure Passwordless authentication **does not support 3rd-party authenticators** like Authy or Google Authenticator. Hence, you need to transition to Microsoft Authenticator.
Raise a [ticket](https://go.gov.sg/seed-techpass-support) with us if you have legitimate reasons why you cannot use Microsoft Authenticator to secure your identity (e.g., security-related restrictions where you cannot bring a mobile phone into the work premises).
+
+## Step 1: Open My Account in TechPass Portal
+
+1. Using your non-SE GSIB or GMD device, log in to [TechPass Portal](https://portal.techpass.gov.sg).
+
+2. Hover over your account name and click **My Account**.
+
+
+
+
+## Step 2: Open Manage Sign-In Methods (Microsoft Account Security Info)
+
+1. Hover over the setting icon and click **Manage Sign-In Methods**.
+
+ 
+
+2. You may be asked to verify your sign-in. Select the same account that you used in the previous step.
+
+3. Microsoft account security info will be displayed.
+
+ 
+
+
+## Step 3: Configure Microsoft Authenticator sign-in method
+
+1. Click on **Add sign-in method**.
+
+ 
+
+2. Click on **Microsoft Authenticator**.
+
+3. Install Microsoft Authenticator on your mobile phone if you have not done so. Click **Next** on your computer.
+
+ ?> Azure Passwordless authentication **do not support the use of 3rd-party authenticators** like Authy or Google Authenticator
+
+ 
+
+4. On your computer, you will be prompted to set up the account in your app. Click **Next**.
+
+ 
+
+5. On your computer, a QR code will be displayed.
+
+ 
+
+6. On your mobile phone, open Microsoft **Authenticator** and select **+ Add account** > **Work or School account**.
+
+7. **Scan** the QR code on your computer screen. Your TechPass account will be added to Microsoft Authenticator on your mobile phone.
+
+8. On your computer, click **Next**.
+
+ A number is shown on your browser.
+
+ 
+
+9. On the Authenticator app, **enter the number** shown, and select **Yes** to verify.
+
+
+## Step 4: Enable Passwordless sign-in in mobile app
+?> This section guides you to configure Passwordless sign-in using Microsoft Authenticator.
+
+1. On the Microsoft Authenticator app, select the TECHPASS account.
+
+2. Select **Set up Passwordless sign-in requests**.
+
+ 
+
+3. Enter your TechPass account password when prompted in the Microsoft Authenticator app and tap **Sign in**.
+
+ 
+
+4. MFA will be prompted and your mobile phone will receive a push notification to approve the sign-in.
+
+ 
+
+5. **Open** the Authenticator notification and approve the sign-in by selecting **Yes**.
+
+ 
+
+6. When prompted, proceed with the passwordless setup by selecting **Continue**.
+
+ 
+
+7. The Authenticator app will prompt you for phone passcode or biometric. **Proceed** with the authentication.
+
+8. The account added page will be displayed when the passwordless setup is done. Select **Done**.
+
+ 
+
+
+## Step 6: Enable Microsoft Authenticator App lock
+This step is to ensure that App Lock is enabled in the Microsoft Authenticator.
+
+1. On the Microsoft Authenticator app, access the **Settings**.
+
+ - For Android, open the menu via the three-dot icon and select Settings.
+
+ 
+
+ - For iOS, open the sidebar and select Settings.
+
+ 
+
+2. Enable the **App Lock** if not yet enabled.
+
+3. The app will prompt you for phone passcode or biometric. **Proceed** with the authentication.
+
+
+## Step 7: Set default sign-in method
+?> Proceed with this step only if the **Sign-in method when most advisable is unavailable** is not **App based authentication - notification**.
+
+1. Go back to the Microsoft account security info page on your computer.
+
+ ?>On how to access Microsoft Account Security Info, follow [step 1](#step-1-open-my-account-in-techpass-portal) and [step 2](#step-2-open-manage-sign-in-methods-microsoft-account-security-info)
+
+2. Click **Change** for **Sign-in method when most advisable is unavailable**.
+
+ 
+
+3. Select **App based authentication - notification**.
+
+4. Click on **Confirm**.
+
+
+## Step 8: (Optional) Delete an unused sign-in method
+?> Proceed only if you wish to remove an unused sign-in method, such as remove other Authenticator app (TOTP) sign-in method or sign-in method linked to lost device.
+
+1. Go back to the Microsoft account security info page on your computer.
+
+ ?>On how to access Microsoft Account Security Info, follow [step 1](#step-1-open-my-account-in-techpass-portal) and [step 2](#step-2-open-manage-sign-in-methods-microsoft-account-security-info)
+
+2. Find the sign-in method you wish to delete.
+ - To delete software OATH token (Authy or Google Authenticator), find **Authenticator app Time-based one-time password (TOTP)**.
+
+3. Click on **Delete**.
+
+4. Click **OK** to confirm.
+
+## Next step
+
+- [Verify TechPass login](log-in-with-techpass#log-in-to-a-service-using-your-techpass-account)
diff --git a/docs/verify-passwordless.md b/docs/verify-passwordless.md
new file mode 100644
index 00000000..52325ed7
--- /dev/null
+++ b/docs/verify-passwordless.md
@@ -0,0 +1,45 @@
+# Verify Passwordless Setup
+
+This article guides you on how to verify that passwordless sign-in is set up correctly.
+
+## Audience
+
+Users with `@techpass.gov.sg` accounts who have set up passwordless sign-in.
+
+## Step 1: Open My Account in TechPass Portal
+
+1. Using your non-SE GSIB or GMD device, log in to [TechPass Portal](https://portal.techpass.gov.sg).
+
+2. Hover over your account name and click **My Account**.
+
+ 
+
+
+## Step 2: Open Manage Sign-In Methods (Microsoft Account Security Info) and verify Passwordless sign-in method
+
+1. Hover over the setting icon and click **Manage Sign-In Methods**.
+
+ 
+
+2. You may be asked to verify your sign-in. Select the same account that you used in the previous step.
+
+3. Microsoft account's Security info will be displayed.
+
+ 
+
+4. Verify that **Microsoft Authenticator Passwordless sign-in** linked to your device is in the list.
+
+ If you do not see it:
+ - If you see **Microsoft Authenticator Push multi-factor authentication**, follow [Enable Passwordless sign-in in mobile app](transition-passwordless#step-4-enable-passwordless-sign-in-in-mobile-app).
+ - If you do not see any **Microsoft Authenticator** entry, follow [Setup Passwordless Sign-In](transition-passwordless#step-1-open-my-account-in-techpass-portal).
+
+
+## Step 3: Open the Microsoft Authenticator app and verify Passwordless sign-in is listed
+
+1. On the Microsoft Authenticator app on your mobile phone, select the TECHPASS account.
+
+2. Verify that under **Ways to sign in or verify**, you see **Passwordless sign-in requests**.
+
+ 
+
+ If you do not see it, follow [Enable Passwordless sign-in in mobile app](transition-passwordless#step-4-enable-passwordless-sign-in-in-mobile-app).