If you're looking to ditch your passwords for something a little more secure, it's been a good week. After the debut of the new WebAuthn standard last week, Yubico followed things up with a new security key (opens in new tab) built to work with FIDO2 and WebAuthn API authentication standards. Now, Microsoft is taking things a step further by announcing Windows Hello will support FIDO2 security keys as well.
Windows Hello's support for FIDO2 keys will work specifically with Yubico's USB FIDO2 Security Key, along with additional form factors from other partners. The feature is currently available as part of a limited preview via the Windows Technology Adoption Program, and it works with both Windows 10 and for Azure Active Directory users.
Though it's easy to see this sort of thing extending to the consumer sphere, Microsoft appears to be focused on enterprise scenarios for the moment. From Microsoft:
"Microsoft's FIDO2 implementation using the Security Key by Yubico is just the beginning of a passwordless world; there are no limits as to where this technology can take us," said Stina Ehrensvard, CEO and Founder, Yubico. "Passwords have been an age-old pain point for both individuals and organizations, and now, we have developed a unified open standard that can finally solve the problem at scale."
As it stands, Windows Hello already takes advantage of biometrics, like facial or fingerprint recognition, to allow users to log in without a password. However, support for FIDO2 security keys allows for a form of two-factor authentication, requiring the key itself along with a PIN or fingerprint to log in, all while eliminating the need for a password.
Microsoft is currently running a limited preview program for Windows Hello FIDO2 Security Key support, and you can sign up to join the waitlist. And if you want to get your hand on one of Yubico's new FIDO2 Security Keys now, they're available to order for $20 (opens in new tab).
Windows Central Newsletter
Get the best of Windows Central in in your inbox, every day!
This is nice because Microsoft needs to cover the whole spectrum of security options to work on Windows Hello. That said, I think that for most cases, using an object to unlock your PC is not the most convenient case, and for those cases, biometric measures are the most efficient and secure.
Though not the most efficient, the safest combination probably involves both biometrics and a physical key like this.
Correct, Real0359. The main use for these keys (according to the section of the standard they follow) is as a second factor device. So, I'm thinking to get one to avoid having to use a smart phone for dual factor.
The problem with bio-metric is that it may still require an object, not all devices have cameras built in and certainly not one that works with Windows hello, since it seems to not use a normal camera and the same with fingerprint readers.
My computer have none, but then I do not use passwords to get into it anyway.
A cheap USB fingerprint reader solves that.
I would settle for a combination of a biometric & a password/PIN
Yea, but a little button is easier and I can go for complex passwords that way.
Thank you for signing up to Windows Central. You will receive a verification email shortly.
There was a problem. Please refresh the page and try again.