Microsoft Accounts Now Support Passwordless Login via FIDO 2 Security Keys

Joanna Estrada
November 21, 2018

In April, Microsoft announced their support for the WebAuthn standard that would bring password-less online authentication to Microsoft Edge using FIDO2 security keys.

Though Microsoft explains that many FIDO2 CTAP security key will work with Microsoft Account sign-in (the company has listed required features and extensions in a separate help document), it specifically mentions Yubico and Feitian Technologies as its partners for this new initiative in today's announcement.

Assuming you meet those requirements (and you've got a compatible FIDO2 key), all you need to do is sign into your Microsoft Account through Edge and then head to the Security menu.

Microsoft and Yubico have been working on the FIDO 2 specification along with others in the FIDO Alliance and the W3C for the past few years. According to Yubico, you'll be able to use the company's security keys with Microsoft services including Windows, Skype, OneDrive and Bing to automatically unlock them all with a single sign-on process. Their objective was to give users a way to log into websites without needing any passwords-just a hardware token, such as a USB security key.

Launch Microsoft Edge on the latest Windows 10 update (version 1809). In Microsoft's case, this works by simply slotting the key into a PC's USB drive. From there, select "More security options" and then "Windows Hello and security keys", which will walk you through the process of setting up a security key.

You will now be at a page asking what type of security key you wish to use.

Now you can sign in to your Microsoft Account using Windows Hello, FIDO2 devices
You Can Now Sign-In to Your Microsoft Account Without a Password

You will then be prompted to set a unique PIN to protect your key.

Microsoft Vice President Alex Simon called the FIDO2 support a "security game changer".

Configuring this is easy enough, and I was able to do so over the weekend because YubiKey had been kind enough to send me a YubiKey 5 Series hardware security key; Microsoft enabled this functionality on the Microsoft account website last week.

You will be redirected to the setup experience, where you will insert or tap your security key.

Take the follow-up action by touching either the button or gold disk if your key has one (or read the instruction manual to figure out what else it might be).

Name your security key so that you can distinguish it from other keys.

Other reports by Click Lancashire

Discuss This Article