Windows Hello and FIDO2 Security Keys enable secure and easy authentication for shared devices
We have been on a journey to eliminate passwords. Today, we are delighted to announce an important milestone.
Microsoft has been aligned with the Fast Identity Online (FIDO) working group from the start, the alliance represents 250 organizations from various industries on a joint mission to replace passwords with an easy to use strong credential. With the recent ratification of FIDO2 security keys by the FIDO working group, we’re updating Windows Hello to enable secure authentication for many new scenarios.
Imagine a helpdesk scenario where an employee can walk up to any device and simply log in using Windows Hello and not username and password. Another scenario is hospital medical staff that need access a patient records on a device no matter where the patient is located. Or a public-sector organization that wants secure authentication on devices while adhering to security policies and directives where the users credential needs to be physically separate from the device itself.
Microsoft and its partners have been working together on FIDO2 security keys for Windows Hello to enable easy and secure authentication on shared devices. Security keys allow you to carry your credential with you and safely authenticate to an Azure AD joined Windows 10 PC that’s part of your organization. A user can walk up to any device belonging to the organization and authenticate in a secure way – no need to enter a username and password or set-up Windows Hello beforehand. Unlike traditional passwords, these keys rely on high-security, public-key cryptography to provide strong authentication. These keys have all the benefits of a Trusted Platform Module (TPM) while also being portable enabling the increasing number of mobile workers.
FIDO2 compliant security keys provide secure authentication, independent of the form factor. The security key holds your credential and can be protected with an additional second factor like fingerprint (integrated into the security key) or a PIN to be entered at the Windows sign-in.
Our partners are working on a variety of security key form factors. Some examples include USB security keys and NFC enabled smartcards, just to name a few. We are looking forward to seeing new form factors and possibly applications on your phone that comply with the FIDO2 specification.
Here’s a glimpse into the security keys from our partners we’ve been working closely with
Yubico – Security key for Windows Hello
HID – Security key for Windows Hello
Feitian – Security key for Windows Hello with biometric sensor