Windows Hello Will Support FIDO2 Security Keys

Windows Hello Will Support FIDO2 Security Keys

Microsoft announced today that its Windows 10 biometric authentication technologies will be updated to support FIDO2-compatible security keys from companies like YubiKey.

“Microsoft and its partners have been working together on FIDO2 security keys for Windows Hello to enable easy and secure authentication on shared devices,” Microsoft’s Pieter Wigleven explains. “Security keys allow you to carry your credential with you and safely authenticate to an Azure AD joined Windows 10 PC that’s part of your organization. A user can walk up to any device belonging to the organization and authenticate in a secure way – no need to enter a username and password or set-up Windows Hello beforehand.”

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Today’s announcement is tied to the finalization of the FIDO2 specification by the Fast Identity Online (FIDO) working group. And it should be seen as yet another step in Microsoft’s quest to eliminate passwords from the security stack.

“Unlike traditional passwords, FIDO2 keys rely on high-security, public-key cryptography to provide strong authentication,” Wigleven continues. “These keys have all the benefits of a Trusted Platform Module (TPM) while also being portable enabling the increasing number of mobile workers. The security key holds your credential and can be protected with an additional second factor like fingerprint (integrated into the security key) or a PIN to be entered at the Windows sign-in.”

FIDO2-compatible security keys will take a number of forms, but the most familiar, perhaps, is the YubiKey-style USB key. Other firms will make similar keys, and others still are working on NFC enabled smart cards. It’s possible that phone apps like Microsoft Authenticator could be adapted to be FIDO2-compatible as well, Microsoft says.

The only downside? It’s not clear when this support will be broadly available. Microsoft notes only that it is in a limited preview release right now. But if you’re interested in testing this support, you can sign-up for Microsoft’s waitlist.

 

Tagged with

Share post

Please check our Community Guidelines before commenting

Conversation 3 comments

  • Polycrastinator

    17 April, 2018 - 4:10 pm

    <p>Nice.</p><p>Interestingly, there's already an app in the Windows Store which allows a Yubikey to be used for Windows Hello on a per PC basis, but having it as something that would work on any PC across an organization would be pretty awesome. I'd most love for them to hurry up and support U2F in Edge, though. We know that's coming, too, but it's already there in Firefox and Chrome.</p>

  • wright_is

    Premium Member
    18 April, 2018 - 3:58 am

    <p>I'm waiting for the YubiKey Neo to be updated. It works with LastPass and my Android smartphone (NFC) as well as my PC (USB).</p><p>A FIDO2 replacement would have to have both USB and NFC.</p>

    • Polycrastinator

      18 April, 2018 - 9:33 am

      <blockquote><a href="#263738"><em>In reply to wright_is:</em></a></blockquote><p>My big concern is one with both USB-A and USB-C. Right now if I sit down at a newer Mac I'm screwed. iOS support for the NFC function would be nice too, but I'm not holding my breath.</p>

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Thurrott © 2024 Thurrott LLC