If you're looking to ditch your passwords for something a little more secure, it's been a good week. After the debut of the new WebAuthn standard last week, Yubico followed things up with a new security key built to work with FIDO2 and WebAuthn API authentication standards. Now, Microsoft is taking things a step further by announcing Windows Hello will support FIDO2 security keys as well.
Windows Hello's support for FIDO2 keys will work specifically with Yubico's USB FIDO2 Security Key, along with additional form factors from other partners. The feature is currently available as part of a limited preview via the Windows Technology Adoption Program, and it works with both Windows 10 and for Azure Active Directory users.
Though it's easy to see this sort of thing extending to the consumer sphere, Microsoft appears to be focused on enterprise scenarios for the moment. From Microsoft:
Security keys allow you to carry your credential with you and safely authenticate to an Azure AD joined Windows 10 PC that's part of your organization. A user can walk up to any device belonging to the organization and authenticate in a secure way – no need to enter a username and password or set-up Windows Hello beforehand. Unlike traditional passwords, these keys rely on high-security, public-key cryptography to provide strong authentication. These keys have all the benefits of a Trusted Platform Module (TPM) while also being portable enabling the increasing number of mobile workers.
"Microsoft's FIDO2 implementation using the Security Key by Yubico is just the beginning of a passwordless world; there are no limits as to where this technology can take us," said Stina Ehrensvard, CEO and Founder, Yubico. "Passwords have been an age-old pain point for both individuals and organizations, and now, we have developed a unified open standard that can finally solve the problem at scale."
As it stands, Windows Hello already takes advantage of biometrics, like facial or fingerprint recognition, to allow users to log in without a password. However, support for FIDO2 security keys allows for a form of two-factor authentication, requiring the key itself along with a PIN or fingerprint to log in, all while eliminating the need for a password.
Microsoft is currently running a limited preview program for Windows Hello FIDO2 Security Key support, and you can sign up to join the waitlist. And if you want to get your hand on one of Yubico's new FIDO2 Security Keys now, they're available to order for $20.
